Immaculate Kassait Kenya’s first Data Commissioner

How to Engage With Data Protection Authorities as an SME

By Meshack Masibo

Episode 5 of the Data Protection Podcast builds on the conversation we have been having in the past 4 episodes by introducing SMEs to the Office of the Data Protection Commissioner (ODPC) and how they can build a good relationship with the Office. This episode features Tamar Kaldani who is the former Data Commissioner of Georgia and Rose Mosero who is the Kenyan Deputy Data Commissioner in a sizzling conversation moderated by Catherine Muya. 

The episode demystifies the role of the ODPC in Kenya and debunks myths about privacy and data protection in Kenya. Rose Mosero makes it clear how SMEs can engage the ODPC, report any complaints they might have and get their issues addressed and resolved speedily by the ODPC.

According to Rose, the ODPC operates under an open-door policy and is keen on building regional offices that SMEs can easily access. Another key highlight is that the ODPC will increasingly issue advisories targeting small and medium-sized enterprises to offer guidance on how they can comply with the Data Protection Act.

Tamar Kaldani brings in some lessons for both regulators and SMEs on how to build a good relationship with each other and maximize its benefits. Tamar advised the ODPC to continue in its good work and not to mind naysayers because, from her experience, you can never truly please everyone, especially as a regulator. She added that small and medium-sized enterprises also stand to benefit from nurturing great relationships with regulators as compliant businesses are more appealing to customers.  

 The Data Protection Act 2019 established the Office of the Data Protection Commissioner which is tasked with the implementation and enforcement of the Act. Consequently, in November 2020, Ms Immaculate Kassait was appointed as the first Data Protection Commissioner. 

The ODPC has the mandate to among others, enforce the Data Protection Act, oversee operations relating to the processing of data, and to receive and investigate complaints relating to infringement of the right to privacy. In the course of the last 2 years, the Office has focused on setting up shop and putting in place measures to enable it to discharge its responsibilities.

The Office has managed to overcome the initial hurdles of low personnel count and resources to discharge its mandate issuing three landmark fines of 15 million shillings in a span of 5 months. While issuing fines might not sound like a good thing, it is actually very important to start the real enforcement of the law and to show that the Office is serious. 

However, the Office is more than just a body issuing fines and is keen on building good relationships with all its stakeholders while promoting the right to privacy. In the episode, the panellists also discuss how small enterprises and organizations can engage and build a good relationship with the Office of the Data Protection Commissioner and other regulatory authorities.  

You can listen to the episode below:


Meshack Kukubo is a Legal Fellow at KICTANet


David Indeje information

Related Posts

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.