100 days in office: Data commissioner outlines priorities

The office of the Data Protection Commissioner (ODPC) on Wednesday launched its 100 days status report since its establishment highlighting key achievements towards safeguarding data privacy rights.

Data commissioner Immaculate Kassait said so far her office has developed six products including two guidelines, one manual and a service charter.

The other two products are operational interactive website, social media platforms as we all the Office’s brand identity.

She said the 100 days achievement is based on a one-year operational plan with 12 priority areas that fall broadly into four categories namely establishment of internal structures, development of operational framework including general regulations, awareness creation and stakeholder consultation as well as promoting international co-operation.

Speaking at the launch of the status update, Kassait said the six products include Draft Guidelines on Obtaining Consent from Data Subjects, Draft Manual on Complaints, Draft Citizen Service Charter and Draft Guidelines on conducting data impact assessment.

Others are Operational interactive website and social media platforms, and Brand Identity.

“The Data Protection Act 2019 provides a framework to place Kenya in the global and regional map as the Silicon Savannah. We have an opportunity to take back control of our data privacy. The time has come to ask; why do you need the personal information and what will it be used for,” she said.

According to Kassait, the Citizen Service Charter identifies the core services that the Office of the Data Protection Commissioner offers and sets out standards that the Office commits to serving the customers.

This Charter has been developed with the objective of defining who the Office of the Data Protection Commissioners are in terms of customers, services offered and standards of delivering these services.

Further, the Charter sets out the service standards and outlines the rights and obligations of the customers.

“Specifically, Service Charter aims to enhance our Customers’ awareness on the services the office provides, inform our Customers the standards of services they should expect from the office, outline Customers’ rights and responsibilities, explain our rights and responsibilities as a service provider and describe how our Customers can lodge complaints and make suggestions about our service delivery,” she said.

With regards to the complaints Management Manual, she said it gives details of how complaints will be received and handled by the Office of the Data Commissioner.

The Manual further provides for what information is required to be provided by a person making a complaint and attaches a complaints form, how to make a complaint and how a complaint is processed through the Office.

“The Data Protection Act provides for consent from an individual as the key lawful basis for which Organisations can rely on to collect and process an individual’s personal information.  The Data Protection Act states that processing should be subject to an individual’s consents to the collection and processing for one or more specified purposes,” she said.

Further, the Act makes provision for when consent should be obtained from data subjects.

Kassait said the Guidelines were developed to assist organisations to understand their obligations under the Act and understand and appreciate their obligations as relates to obtaining Consent and to give practical guidance.

On guidance Note on Data Protection Impact Assessment, she said the Data Protection Act 2019 requires entities collecting personal information of individuals to undertake a Data Protection Impact Assessment and submit to the Office of the Data Protection Commissioner in the event that the processing of the information presents a high risk to the individual.

These guidelines were developed to assist organisations to understand their obligations under the Act and appreciate the need to undertake a Data Protection Impact Assessment.

The guidance note provides practical guidance to organisation is so far as to when Data Protection Impact Assessment is to be carried out and submitted to the Office pursuant to the provisions of the Act and what details need to be included in the Assessment.

ICT CS Joe Mucheru in his remarks said there is a great need for safeguarding data privacy and guaranteed maximum support.

“My Ministry recognizes the importance of the Office of the Data Protection Commissioner and will continue to walk the journey with the Data Commissioner even past these 100 days and ensure our full support,”  Mucheru said.