KENYA: PUBLICATION OF THE DATA PROTECTION REGULATIONS, 2021

By Sharon Odeny,Ariana Issaias,Daniel Mwathe,John Syekei Wednesday, January 19, 2022
  • SHARE THIS ARTICLE

Early last year, we advised that the Ministry of ICT, Innovation and Youth Affairs had issued draft regulations (see our analysis of the draft Regulations here) that would have a wide impact on businesses in Kenya in terms of how they collect, manage and treat personal data.

The Ministry has now finalized and gazetted three sets of regulations (published last Friday) that will now come into force (provided the National Assembly does not object to the contents of any of the regulations within the next 28 days). Businesses will need to comply with: (i) the Data Protection (General) Regulations, 2021; (ii) the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021; and (iii) the Data Protection (Compliance and Enforcement Regulations), 2021 (the "Regulations").

Our Data Protection team are currently reviewing the regulations in detail and will be providing a further in-depth update of the provisions in due course.