The Office of the Data Protection Commissioner is an office established by section 5 (i) of the Data Protection Act, 2019. It is designated as a State Office in accordance with Article 260 (q) of the Constitution.
President Uhuru Kenyatta has poposed Immaculate Kassait for the post.
Ms Kassait is a former Independent Electoral and Boundaries Commission (IEBC) director in charge ofvoter registration and election operations. She beat 9 others who had been shortlisted; they include Communications Authority of Kenya (CA) interim director general Mercy Wanjau, Kemu University deputy vice-chancellor David Gichoya, and ICT Authority deputy director Thomas Odhiambo are also eyeing the new seat expected to set new standards on how personal and company information is handled, stored and shared; University of Nairobi Computer Science lecturer Brian Gichana, lawyer Anthony Akelo, Universal Services Advisory Council member Dr Kennedy Okong’o, and a former National Police Commission member Murshid Mohamed, a Neural Networks in predicting quality metrics for component-based software systems engineer Dr Tobias Mbithi and the National Taskforce on Data Protection member John Walubengo.
The Public Service Commission (PSC) conducted interviews in July.
The new office that will look into data privacy and protection matters comes eight months after President Uhuru Kenyatta assented to the Data Protection Act on November 8, 2019.
Communication Authority of Kenya (CA) quest to recruit a substantive DG has been halted severally since August last year, the latest being that by the Information Communication Technology Association of Kenya (ICTAK) who moved to court accusing the communications regulator of manipulating the recruitment process.
Kassait is now awaiting vetting by parliament.
The Functions of the Office of the Data Commissioner are provided in Section 8(1) of the Data Protection Act and shall include:
- overseeing implementation of and being responsible for enforcement of the Data Protection Act,
- establishing and maintaining a register of data controllers and data processors;
- exercising oversight on data processing operations and verify whether the processing of data is done in accordance with this Act;
- promoting self-regulation among data controllers and data processors;
- conducting assessment for the purpose of ascertaining whether information is processed according to the provisions of the Act or any other relevant law;
- receiving and investigating any complaint by any person on infringements of the rights under the Act;
- taking such measures as may be necessary to bring the provisions of the Act to the knowledge of the general public;
- carrying out inspections of public and private entities with a view to evaluating the processing of personal data;
- promoting international cooperation in matters relating to data protection and ensure country’s compliance on data protection obligations under international conventions and agreements;
- undertaking research on developments ¡n data processing of personal data and ensuring that there is no significant risk or adverse effect of any developments on the privacy of individuals; and
- performing such other functions as may be prescribed by any other law or as necessary for the promotion of object of the Act.
Kenyan Business Feed is the top Kenyan Business Blog. We share news from Kenya and across the region. To contact us with any alert, please email us to [email protected]