Data protection has become a new requirement for companies in the recent past. The Internet is now part and parcel of our daily lives and governing bodies have seen the need to protect people.
The best-known data protection policy is the General Data Protection Regulation or GDPR which was effected in the European Union. This law was developed for data protection and privacy in Europe and also to address the transfer of personal data outside the EU. It carries stiff penalties to companies that are found guilty, where they can be fined up to 4% of their annual worldwide turnover which can be a massive fine for a company with huge revenues.
Locally, we do have a data protection law. It was signed in November last year by the president and you can check out about the law here and here. Generally, it establishes a framework for data processing in the country and it introduces the office of a data protection commissioner which the country will get its first soon.
This change has led to the need for companies to be compliant with data protection laws and this is why MyComplyKit was founded.
MyComplyKit was founded by two lawyers; Nzilani Mweu and Elizabeth Moturi, who have a lot of experience in Data Protection law and compliance. They have advised various local and international corporations with regard to privacy and data protection. Nzilani was also written locally and internationally published papers on Data Protection and has trained groups of people on the very matter.
“We realized there was a gap in regard to awareness of the legal obligations on privacy and data protection, particularly for small and medium-sized businesses,” Nzilani Mweu, MyComplyKit co-founder said. “While large corporations are more aware of their risks and obligations by virtue of their ability to retain legal services, smaller businesses may not be fully aware of these obligations,” she added.
Their intention with MyComplyKit is to create a source of knowledge for awareness and help these businesses comply in a simple way that doesn’t require them to retain legal services.
“All the businesses that collect personal information on their customers such as names, location addresses, phone numbers, ID, including online businesses need to put in place privacy and data protection measures,” Nzilani Mweu said.
The compliance also extends beyond the Data Protection Act. “Some businesses may also need to comply with international laws and policies such as the GDPR, California Consumer Protection Act and the US Health Insurance Portability and Accountability Act (HIPPA),” she added. “MyComplyKit helps you determine whether you need such international compliance and helps you to implement it.”
They have designed MyComplyKit for anyone who holds personal data. They have a self-assessment kit that enables you to assess whether you are compliant with Kenya’s Data Protection Act, 2019. It also offers suggestions on what needs to be done to be in compliance with the act.
The implementation of the Data Protection Act 2019 in Kenya will be a thing to take notice of as more businesses handle customer data via their online platforms. According to government data from last year’s census, one in 5 Kenyans use the internet which will increase over time. Businesses this year were forced into a digital transformation process this year due to COVID-19 and the next step will be them to be compliant with the Data Protection Act as well as any relevant data protection act in other countries.