SMEs, Saccos Urged to Fasten Data Privacy Laws Compliance
The 2022 Data Protection and Privacy Survey report by consultancy firm Ernst and Young showed that Saccos, non-governmental organizations (NGOs), research firms, and small and medium enterprises (SMEs) are lagging in compliance with data privacy laws.
Urging these entities to quicken the installation of technology that prevents data theft or destruction, train employees in compliance with the new data protection laws, and appoint data protection officers.
The survey follows a similar report released last year showing more than a fifth of Kenyan companies shared customer financial and personal information without consent. Hence a directive for the entities to seek registration as data processors or controllers with the Office of Data Protection Commissioner (ODPC).
According to the report, banks, insurers, telcos, and healthcare firms are leading in compliance with data privacy laws and registration, which has seen them reduce intentional breaches of personal information.
“Certain industries are aware (of their obligations), and we want those lagging, like SACCOs, NGOs, and others to catch up with the banks so that we do not have either intended or unintended selling of data or transfer of data,” said Ernst & Young digital, analytics and cybersecurity solutions partner, Robert Nyamu.
Further, he stated the need for Data Protection is mandatory to close the gap for theft of customer and employee personal information and transfer to third parties.
Data privacy compliance and registration are necessary for business operation and licensing as the regulator seeks to secure business data safety.