Businesses and organisations that collect, store, or process personal data risk fines of up to Ksh5 million.
This comes at a time when the government intensifies enforcement of data protection registration requirements.
The Office of the Data Protection Commissioner (ODPC) has therefore urged eligible entities to register as data handlers or data processors in line with the country’s Data Protection Act.
According to the regulator, organisations that fail to comply with the registration requirements could face action, including substantial financial penalties and other sanctions.
“Non-compliance comes at a cost. If your organisation handles personal data, the Data Protection Act requires eligible entities to register with the ODPC,” the regulator warned.
The notice targets businesses, government and non-government agencies, religious bodies, and other entities that handle personal information belonging to customers, employees, suppliers, students, patients, or other members of the public.
Additionally, the notice specifically targets hospitals, banks, schools, Cooperative Societies, telecommunications companies, transport operators, marketing companies and other organisations that handle people’s data.
These entities collect data such as names, phone numbers, email addresses, national identification numbers, biometric information, financial records, and medical data.
“Take the necessary steps to stay compliant. Registration is mandatory, and there will be enforcement for non-compliant companies with a fine of up to Ksh5 million,” the Commissioner added.
The Commission noted that registration helps strengthen accountability by ensuring organisations adopt proper safeguards when collecting, storing, and processing personal data.
