Amid fast Big Data growth, get protection

The Data Protection Act gives guidelines in many areas of personal information handling.

Globally, 2.5 quintillion bytes of data are produced daily at the current pace. Predictions from global data experts showed that humans would produce and consume about 94 zettabytes of data by the end of last year.

In the next 5-8 years, data will top the list of valuable commodities and, therefore, its protection, privacy and security are very important.

Saturday is Data Protection Day, which is now celebrated globally. On this day, governments, parliaments, national data protection bodies and other relevant actors carry out activities to raise awareness of the right to personal data protection and privacy. These may include campaigns targeting the general public, educational projects for teachers and students, open days at data protection agencies and also conferences.

On November 25, 2019, the Data Protection Act came into effect and is now the primary law on data protection in the country. The law is far-reaching and has a significant impact on how the government, organisations, the banking sector and companies process data. The data protection regulations have several key implications, as highlighted below.

Personal data

One, it is unlawful to collect, process or disclose a data subject’s (individual person) information without their permission. Two, it is illegal to sell any personal data without express consent. Three, if you process people’s data, you must be registered with the office of the data commissioner. Four, you must comply with the rules in the Act, including the so-called ‘right to be forgotten’.

Five, you must notify the data commissioner’s office within 72 hours of a data breach. Six, most kinds of data about Kenyan citizens cannot be moved outside the country without their permission. Seven, penalties for non-compliance are significant. The maximum fines reach Sh5 million or one per cent of a business’s annual turnover.

This Act is similar to the EU’s GDPR. Firms—especially financial service entities, fintechs and Big Tech—will be required to request consent from consumers to use their data and inform them of reasons for data collection and storage.

Data privacy

As the Office of the Data Protection Commissioner (ODPC) gears up for full implementation and formulation of the Act, a national framework for public awareness of data protection is highly necessary. Ensuring that employees are fully trained in the nuances of data privacy and security is critical.

Data is one of the most important assets. It is recommended that every organisation employ certified data protection officers (CDPOs). Data protection should be a top priority. That includes guarding the availability of the data (to employees who need it), its integrity (keeping it correct and up to date) and its confidentiality (the assurance that it is available only to authorised persons).

With the fast advances in technology, data sources—such as citizen-generated data (CGD), mobile data, geospatial data and Big Data—have become increasingly relevant and must be protected.

Mr Kimeu is a cloud governance specialist and cybersecurity consultant.