State Opens Registration for Data Processors and Data Controllers

0
Immaculate Kassait, Data Protection Commissioner

The Office of the Data Protection Commissioner (ODPC) has announced the commencement of the registration of Data Controllers and Data Processors. The activity started yesterday, and is done via an online portal at www.odpc.go.ke.

The Data Protection Act, 2019, became law at the end of 2019. Among its many provisions is that data controllers and data processors must register with the ODPC. However, the registration exercise did not start immediately because it lacked some additional regulations.

This is the reason why the state pursued and published the Data Protection (registration of Data Controllers and Data Processors) Regulations, 2021. The amendments were made official at the start of 2022, and came into effect yesterday.


Thus, it is now a statutory requirement for all data controllers and processors to be registered.  This included the collection and storage of data of people located in Kenya.

Both public and private entities have been tasked to register. Furthermore, people that deal with personal data will also be expected to do so.

The ODPC has since released a Guidance Note on Registration of Data Controllers and Processors.

Data Protection Act, 2019

The law regulates the processing of personal data and information.

The handling of that information is now bound to the principles of data protection that ape those provided by GDPR.

Illegal processing of personal data will effectively be punishable.

The law also saw the setting up of the office of a Data Protection Commissioner.

Previously, such an institution did not exist.

It covers people who own and control data and third parties that manage, store and sort personal data. Furthermore, it applies to natural or legal persons, agencies, and public authorities.

Local organizations and global ones are also guided by the law provided they process data belonging to locals.


Additional benefits include a robust data privacy system for sensitive data and stiff penalties for groups that go against the law.

For instance, abusers will be fined up to KES 3 million or receive a maximum of a 2-year jail sentence.


Previous articleFlutterwave Cushions Recent Controversies with New Graduate Trainee Program
Next articleThe Role of VFFS in enhancing the efficiency of operations
Kenn Abuya is a friend of technology, with bias in enterprise and mobile tech. Share your thoughts, tips and hate mail at [email protected]