The Data Protection Act 2019 fundamentally changes the way marketing departments and organisations process personal data of prospective and current clients.
Direct marketing by organisations must demonstrate that the data processed for marketing meets the lawful criteria of data processing principles. Personal data used for marketing cannot be collected, used or stored in a manner which is not reasonably expected by an individual whose data it belong to. The Data Commissioner’s office requires all organisations, irrespective of size, to demonstrate and be accountable for all personal data processed. Fines and damages for misuse of data can be enormous and can cause mistrust and reputational issues.
The Kenya Data Protection Act 2019 is very similar, in substance and nature to the United Kingdom’s General Data Protection Regulation.The UK’s Information Commissioner’s Office has issued a comprehensive guide to direct marketing. Consent from individual whose data is being processed is cornerstone to processing personal data for direct marketing. Implied or presumed consent is prohibited and consent must be clear, specific and unambiguous, and there must be time limits for processing data for marketing. It is therefore key to ensure that rules surrounding consent of data subjects are adhered to.
In the course for Data Protection and Marketing we will cover the following areas.
– Overview of the Data Protection Act
– The difference between a Data Controller and Data Processor, providing relevant marketing examples
– Principles of Data Protection, providing relevant marketing examples
– Lawful basis for processing data for marketing purposes
– Individual (Data Subject) rights
– Individual (Data Subject) Access Requests (DSAR’s)
– Consent from the customers for both digital and direct marketing
– Customer contracts for marketing
– Call and correspondence records
– Enforcement and breach notifications
– Office of the Data Protection Commissioner
If you need additional bespoke data protection training, please contact me and I will be happy to design a program suitable for your organisation.
Amit Gadhia
- Advocate of the High Court of Kenya
- Solicitor of the Senior Courts of England and Wales (practicing freelance)
- Certified International Privacy Professional-Europe (CIPP/E)
- OneTrust Fellow of Privacy Technology
- Corporate Governance Professional (ICSA – UK)
- Certified Company Secretary (Kenya)
- Commissioner for Oaths and Notary Public
