The Kenya Data Protection Act 2019: What It Means for Your Organization
When Kenya's Data Protection Act 2019 came into force, it created legal obligations for any organization that collects, stores, or processes personal data - and that includes virtually every membership organization in the country. Whether you run a small chama with 20 members or a large alumni association with 10,000 graduates, if you hold member names, phone numbers, ID numbers, or financial records, you are a data controller under the Act.
Failure to comply with the Act can result in significant penalties imposed by the Office of the Data Protection Commissioner (ODPC), as well as reputational damage if member data is breached or misused.
