About Us
Who We Are
The Data Protection Act came into effect in Kenya in November 2019. This ushered the country into a new data privacy dispensation that aimed at ensuring Kenyans were empowered with enforceable privacy rights over their personal information, while providing clear guidelines for private and public institutions to handle their users’ data with care. The Kenyan Data Protection Act (DPA) applies to data controllers and processors and provides data subjects with certain rights and safeguards.
The Office of the Data Protection Commissioner (ODPC) is hence the designated government agency that is key to ensuring appropriate handling of personal data in Kenya as enshrined in the Data Protection Act (DPA) of 2019.
Mandate of the Office
The mandate of the Office of the Data Protection Commissioner derived from the Data Protection Act 2019 and includes;
- Regulate the processing of personal data;
- Ensure that the processing of personal data of a data subject is guided by the principles set out in section 25 of the Act;
- Protect the privacy of individuals;
- Establish the legal and institutional mechanism to protect personal data; and
- Provide data subjects with rights and remedies to protect their personal data from processing that is not in accordance with the Act
