NAIROBI, Kenya, Jan 26 — The Office of the Data Protection Commissioner (ODPC) has called on the data processors and controllers to safeguard and embrace a culture of privacy while handling data to ensure compliance to legal provisions.
ODPC Director General Immaculate Kassait who spoke during a virtual forum on Wednesday said data controllers must look into ways of ensuring their systems and processes are in place and secure to ensure data protection.
She emphasized the need for data handlers to understand the type of data they are collecting, processing, releasing and how it is stored.
“It is important as a data controller to acquit yourself with the data protection act, what are the provisions it says as far as your role is concerned. It is important as part of making sure you are moving towards default and design to know where your information is,” Kassait said.
She warned that failure by institutions to treat data protection seriously could affect their reputation pointing out that the issue needs to be adopted publicly.
Kassait made the appeal as Kenya prepared to join the world in commemorating the Data Protection Day marked annually on January 28 and the 41st anniversary of Convention 108, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data which became the first binding international instrument on data protection in 1981.
The Data Protection Day or Privacy Day is a day to raise awareness and promote privacy and data protection best practices.
Kassait stated that there must be a clear line between a data controller and data processor pointing out that the higher responsibility tends to go to data controllers.
She also called on formulation of policies to ensure compliance adding that data governance continues to be a bigger challenge.
“It is not possible for you to have a conversation around data protection as an institution if you do not have a data policy framework,” she said.
Kassait added that the data policy framework plays a critical role in answering questions to deal with retention and privacy policies and issues to do with consent.
The Data Commissioner said that there was a need for collaboration among different sectors to ensure success in data protection.
“It is completely impossible for the Office of the Data Protection to go door to door to ensure compliance. This is why we have decided to institute the Nigerian model to have people who walk with you on this journey,” she said.
Amnesty International Kenya Executive Director Irungu Houghton who also spoke during the forum noted that embracing data is an important step in policy making.
“Without data all you are left with is opinions and anecdotes,” he said.
Houghton added that it was critical for data miners to be clear on what the data is being used for.
Amit Gadhia, a data protection lawyer, stated that safeguarding of data is a human rights issue that must be taken seriously.
He added that data protection compliance is a continuous journey that cannot be achieved in a single day.
“Privacy and Data Protection compliance is a top-down approach. The whole thing has to be properly integrated so there is compliance,” Gadhia stated.
