Building trust — engaging data privacy in Kenya

Jose Almeida
4 min readSep 12, 2019


Kenya is undergoing a series of changes in the data privacy regulations, and Kenyan companies are completely off guard as these changes are turning up faster than the organizations can adapt to it.

Regulations like the Data Protection Bill or new rules from the Central Bank of Kenya, are putting an enormous pressure on organizations, creating an entirely new reality to which organizations need to adapt fast.

Ensuring you comply with the Data Protection Bill can open the door to additional benefits attainable in understanding and protecting customer data. It’s a mistake for organizations to view compliance just a financial burden. There are real benefits. Organizations must see it as an opportunity to transform their approach to customer data and not simply as a matter of compliance.

At first glance the Data Protection Bill presents a series of challenges, effectively raising the bar for the protection of privacy and the lawful processing of data.

But problems provide opportunities, and efforts to comply with the Data Protection Bill can bring several benefits for organizations, going beyond data processing to the delivery of better services and outcomes.

Once in place the Data Protection Bill will change the balance of privacy rights against the free flow of data. People will have the right to ask for the data an organization holds on them, for it to be transferred or erased on their instruction, and to prevent it being shared with other organizations.

It will introduce new rules on what constitutes the lawful processing of data, with an emphasis on explicit and unambiguous consent from the subject and extending to any third party responsible for the processing. Requirements and penalties.

There will be requirements for a public authority to have a data protection officer, to carry out risk assessments on the processing of sensitive data, and to report any data breaches within a specific timeline. Along with all this there will be punitive penalties for organizations that fail to comply.

These are significant challenges, but it must be understood that they come in response to the explosion of personal data that has come with the emergence of digital technology and the internet, and amount to significant steps forward in personal privacy rights.

Organizations need to recognize the challenges, but they should also be able to identify significant opportunities. It is an area that a solid data strategy, helps them realize the benefits.

What you don’t know will hurt you

The most urgent to address is to know exactly what data the organization has, on whom, where it is kept. Only after an organization has knowledge about its data, knowing it across the silo ecosystem, being able to do full lineage of the data, and fully understand its life-cycle.

Only then it can move to address data subject access rights, consent, breach response, data processing record keeping, and more.

At this point instead of fighting the siloed ecosystem, that is still the major challenge for any analytical initiative but also the natural evolution of every large organization, it’s the moment to govern the data, regain control over the data’s quality, origin, ownership, the key elements of a successful data governance program. Data dictionaries, business glossary, and data lineage, defining data and terms across all business units, providing information about the source, age, and inter-dependencies of data, laying out the sources of data, it’s usage, relationships between data sources, data quality dimensions and scores, data owners and stewards.

The bottom line — Trust

In industries dependent on attracting and keeping customers, that handle and work with customer data, it essential to have clear objectives when approaching this challenge. Data protection might be considered a compliance issue, but the risks are higher than compliance.

There’s a growing trend for customers to prefer companies that have an ethical approach to data. The view of the Data Protection Bill being just a compliance issue, might hold organizations from following a market tendency that is gaining strength.

Organizations that can show they are ethical and responsible about their customers data, will be gaining a competitive edge against their competition and getting their customers support in the process. Compliance with the Data Protection Bill is just the beginning of this process.

The existence of a clear data strategy, with focus on trust, based on ethical and transparent data practices, making sure that customers know how, when and for how long their data will be used is an opportunity to make customers buy in to an organization, its culture and principles instead of just products.

Something else is also changing, the customers are losing their tolerance for data security failures and the awareness for these issues is growing, as some recent cases have shown (Cambridge Analytica and Facebook), and the probability to stop doing business with organizations that mishandle or are negligent data is greater than ever.

Originally in:



Jose Almeida

Data Consulting and Advisory MEA - Driving better insights through better data (