Violation of Data Regulations to Attract up to Sh5 million Penalty as Parliament Passes Bill

Data Protection Regulations
Photo Courtesy

Parliament approved a set of data regulations last week requiring all handlers and processors to register with the office of the Data Protection Office. Companies that violate the privacy laws will now be subject to the full force of the new data legislation.

The national assembly passed the data protection (General) regulations 2021, the Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021, and the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.

A firm found in violation of the new data restrictions could face fines of up to one percent of its annual revenue.

“In relation to an infringement of a provision of this Act, the maximum amount of the penalty that may be imposed by the Data Commissioner in a penalty notice is up to five million shillings, or in the case of an undertaking, up to one per centum of its annual turnover of the preceding financial year, whichever is lower,” the data Act reads in part.

Read: Kassait Assures Kenyans that Data Held in Government Institutions is Secure

The  organizations will be required to examine their data privacy policies in order to make them more understandable and demonstrate compliance.

The Office of the Data Protection Commissioner was established under section 5 of the Data Protection Act 2019, which President Uhuru Kenyatta signed into law in November last year.

The data protection regulations 2021, together with the complaints handling regulations, went into force on March 14. The registration of data controllers and processors will go into effect on July 14, 2022.

Read also: Majority of Kenyans Unaware of The Existence of the Data Commissioner’s Office- Report

The Data Protection Act requires all processors to handle personal information lawfully, fairly and in a transparent manner. The data handlers will also be required to inform clients on the use of their data and correct or delete any false representations about them.

Sensitive data such as health status, marital status, sexual orientation, ethnicity, biometric data and names of children are also guaranteed special safeguard in the Act.

Additionally, the transfer of personal data out of Kenya is prohibited unless the data processors obtain express permission and prove that the information will be protected against misuse.

Email your news TIPS to or WhatsApp +254708677607. You can also find us on Telegram through

Written by Vanessa Murrey

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

MCA aspirant

Reactions as UDA Politician Resurfaces After Skipping Traditional Wedding, Claims Memory Foggy

Lady screaming Probox

Probox Driver In Viral Video Speeding with Screaming Female Passenger Arrested