- Entities excepted have annual revenue below Sh 5 million and have less than 10 employees.
- The firm has implemented safeguards, security measures and mechanisms so as to be able to swiftly react to any potential data breach.
Image: REUTERS/Thomas Mukoya/Illustration
Digital fintech company, Tala, is now a registered data controller in Kenya.
Tala has received the green light from the Office of Data Protection Commissioner (ODPC) to control the processing of data.
It has also received a go-ahead to determine the purpose, means of processing data and instruct another legal, certified and regulated third-party entity to process data on its behalf.
All entities handling the personal information of individuals residing in Kenya are required to register as data controllers or processors, actualizing the provisions of the Data Protection Act, 2019.
Registration requirements are subject to the annual turnover and number of employees of an entity with an exemption of certain entities that must register regardless of these requirements.
The entities exempted from the mandatory registration under the registration regulations are those whose annual revenue is below Sh 5 million and has less than 10 employees.
Under the law, sharing or offering for sale personal information could land those responsible for their safe storage in jail for up to six months or fines of up to Sh 5 million.
As of September 2, ODPC had issued 332 entities with certificates of registration whereas 805 were yet to complete the registration process by making their payment.
While acknowledging the accreditation, Munyi Nthigah General Manager Tala reiterated that the company, being a digital fintech institution, only asks for data legitimately.
Nthigah said that the data is needed for consumers to access Tala products such as loan underwriting and provides full disclosure as to how it uses consumer’s data in it’s privacy policies.
“All information Tala collects during the application process is used exclusively to verify the customer’s identity and build their credit profile,” he said.
Nthigah also said that Tala never shares or sells customers’ personal information with third parties except towards those ends and with express customer permission.
“This is a great milestone for our company, especially as we diversify our product portfolio and expand across markets,” he added.
At the core of its consumer data protection policies, Tala has implemented safeguards, security measures and mechanisms so as to be able to swiftly react to any potential data breach.
“It is important that we inform our customers that they have the right to request for access to, clarification, restriction, rectification or deletion of their personal data from our records,” Nthigah said.
“Our customer experience team is committed to responding to such requests promptly and within timelines provided for by the Data Protection Act.”
Nicola Muriuki, Legal Director Tala urged the company’s 3.5 million customers to take and familiarise themselves with their data rights.
“It is important that Kenyans understand their data rights as written on the ODPC website and as Tala’s customers via Tala’s app privacy notice available in-app and the website,” she said.
Nearly three billion people globally are under-served by the formal financial system, with little to no options to support their financial agency and independence.