I am an advocate of the High Court of Kenya, solicitor of the Senior Courts of England and Wales (practicing freelance), a Professional Corporate Secretary, a Certified International Privacy Professional and a OneTrust Fellow of Privacy Technology .
I have extensive experience in advising organisations of all sizes on privacy and data protection laws ranging from telecommunication companies to e-commerce businesses. I am currently on panel of experts of OneTrust for Data Retention Guidance for Kenya.
I use secure cloud based legal technology to provide customised data protection solutions to my clients. I strive to build and foster long term relationships and regularly keep my clients informed of new developments, specifically in relation to this area of privacy law and data protection.
The Kenya Data Protection Act 2019 (DPA) was signed into law in 2019 on the 25th of November 2019. The Kenya DPA is similar to the European General Data Protection Regulation (GDPR) The DPA and GDPR are some of the strictest data protection laws globally. As most businesses and organisations process personal data, it is likely that the DPA, and perhaps for a multinational company, GDPR is applicable.
Below are some of the legal services I provide to clients for compliance with the DPA and GDPR.
Whether it is data protection for individual or businesses, I will make the process effective, efficient and simple so you can be assured of top service at all times.
Services under DPA and GDPR
Data protection laws and obligations applicable to client under the GDPR and Kenya Data Protection Act 2019(DPA 2019).
- Explanation of principles of data protection under the DPA 2019.
- Data subject rights.
- Obtaining consents from data subjects.
- Responding to data subject requests.
- Handling complaints and procedure.
Privacy Assessment (PA)
Privacy assessment measure an organization’s compliance with laws, regulations, adopted standards and internal policies and procedures.
- Data mapping and information flow.
- Assessment of what information is used, what it is used for, who it is obtained from and disclosed to, who will have access and any other necessary information.
- Identifying privacy and related risks arising from data mapping and assessment.
- Organisational risk (reputational, financial or data breach).
- Individual risk (security breach or damage caused by inaccurate data or security breach).
- Identifying and evaluating the privacy solutions.
- Addressing each identified risk with a view to eliminating or reducing the risk.
- Signing off and recording the PA outcomes.
- PA report for assessment and risk identification.
- Privacy risks signed off at each level of organisation.
Integrating the outcomes into the organisation’s working practices in Kenya.
Review of contracts with clients, data processors, employees and other third parties.
Kenya DPA 2019 requires imposes a legal obligation on controllers and processors to formalise their working relationship.
- Assessing and vetting each controller, vendor and third party with whom the client has contracts to ensure sufficient guarantees about the implementation of appropriate technical and organisational measures for compliance with the DPA.
- Reviewing existing contracts to determine the risk areas and areas of non-compliance.
Reviewing and drafting of the following policies and notices for the client.
- Privacy notices and policies.
- Employee policies.
- Data retention and Destruction policies.
- Implementing policies and monitoring compliance.
Training will include creating awareness internally within the organisation and externally with other stake holders
- Internal training – Identifying each department to be trained (marketing, HR, accounts) within the organisation.
- External training – Providing training for third parties or vendors of the clients and generally through brand marketing.
- Advocate of the High Court of Kenya
- Solicitor of the Senior Courts of England and Wales (practicing freelance)
- Certified International Privacy Professional-Europe (CIPP/E)
- OneTrust Fellow of Privacy Technology
- Corporate Governance Professional (ICSA – UK)
- Certified Company Secretary (Kenya)
- Commissioner for Oaths and Notary Public