Empowering Data Protection: MobiFour Technologies Limited Secures Data Processor Registration Certificate in Kenya
In an era where data privacy is paramount, MobiFour Technologies Limited takes a significant leap forward by proudly announcing the attainment of the Data Processor Registration Certificate from the Office of Data Protection in Kenya. This achievement is a testament to our unwavering commitment to safeguarding the privacy and security of the data entrusted to us by our clients.
We also play our part as a Data Processor in ensuring a transparent and accountable data processing ecosystem which encourages the upholding and safeguarding of the privacy rights of persons in Kenya.
The Significance of Data Protection
Section 18 of the Data Protection Act, 2019 and Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021 require that all public and private organizations and individuals processing personal data register with the ODPC.
In today’s digital landscape, where data fuels innovation and drives business decisions, protecting the integrity and confidentiality of information is more crucial than ever. Data protection is not merely a legal obligation; it is a commitment to building trust with our clients and stakeholders.
What is personal data?
Any information relating to an identified or identifiable natural person. For example, a person’s full name, identity card number, date of birth, gender, physical and postal address, phone number, location data and online identifier. Personal data can also be information about what a data subject looks or sounds like, for example, biometrics, genetic data, photos, audio or video recordings.
What is sensitive data?
Under the Data Protection Act, 2019 (DPA), this means data revealing a person’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of a person’s children, parents, spouse or spouses, sex, or sexual orientation. It is personal data that requires additional protection due to the high risk an individual is likely to face if it is accessed by unauthorized persons/ entities.
What are a data processor and a data controller?
A data controller is an entity that determines the means through which personal data gets processed, and for which purpose. A data processor is an entity that processes personal data on behalf of the data controller.
The Role of a Data Processor
As a Data Processor, MobiFour Technologies Limited plays a vital role in ensuring that personal data is handled responsibly and following the highest standards of security. This Registration underscores our dedication to transparency, accountability, and the ethical processing of data.
Key Regulatory Implications
It’s crucial to delve into the key implications of the country’s robust data protection regulations. These regulations, designed to uphold individual privacy and data security, significantly impact how businesses handle and process personal information.
- Explicit Consent Requirement: it is now unlawful to collect, process, or disclose an individual’s information without their explicit permission.
- Prohibition of Unauthorized Data Sale: it is illegal to sell any personal data without the express consent of the data subject.
- Mandatory Registration- To operate within the legal framework, businesses processing people’s data must be registered with the office of the data commissioner.
- Compliance with the Data Protection Act: includes honoring the ‘right to be forgotten,’ granting individuals the right to request the deletion of their personal data under certain circumstances.
- Prompt Data Breach Notification- In the event of a data breach, businesses must notify the Data Protection Commissioner’s office within 72 hours.
- Restrictions on Cross-Border Data Transfer-Most types of data concerning Kenyan citizens cannot be moved outside the country without their explicit permission.
Registration Process
The process of obtaining the Data Processor license required us to do an Online application through the link ODPC Portal https://dataportal.odpc.go.ke/.
The requirements for registration are as follows:
1.Completion of the prescribed application form.
2.Copy of the establishment documents.
3.Particulars of the data controllers or data processors including name and contact details.
4.A description of the purpose for which personal data is processed.
5.A description of categories of personal data being processed.
6.You will be required to pay the prescribed registration fees depending on the company size and Annual Turnover.
A certificate of registration is issued within 14 days and an entry of the details of the applicant is made in the register of data controllers and data processors once the Data Commissioner is satisfied with the application. The certificate of registration is valid for 24 months from the date of issuance.
If the data commissioner is dissatisfied and rejects the registration application, the Data Commissioner shall notify the applicant within 21 days and provide reasons. Where the application had been declined, the applicant may make a fresh application.
Non-Compliance
Under the Data Protection Act, the Data Commissioner may serve an enforcement notice on a person who has failed to comply with any provision of the Act.
The Data Commissioner may also serve a penalty notice to a person who has failed to comply with an enforcement notice requiring the person to pay the amount specified in the notice.
The maximum amount of the penalty is up to KES. 5 million or in the case of an undertaking, up to 1% of its annual turnover of the preceding financial year, whichever is lower.
Commitment to Data Privacy
At MobiFour Technologies Limited, data privacy is not just a legal requirement; it’s a core value embedded in our corporate DNA. We go beyond the regulatory mandates to ensure that the data we handle is treated with the utmost care and respect. Our commitment to data privacy extends to continuous education, training, and the adoption of cutting-edge technologies to enhance security measures.
We always encourage our clients to ensure that they have gotten consent from their customers to send them any Bulk messages as per the Data Protection Regulations. This helps ensure that a higher percentage of messages will be delivered without being marked as SPAM and to avoid any complaints being raised to the regulator.
In conclusion, MobiFour Technologies Limited is proud to have received the Data Processor Registration Certificate, marking a significant step forward in our commitment to data protection. We believe that this milestone reinforces our dedication to our clients, partners, and stakeholders, assuring them that their data is in safe hands.