Data Protection Compliance with Mycomplykit.com

For the four largest firms in the world (Apple, Amazon, Facebook and Google), data is the main source or object of their business. Between 2011 and 2020, the volume of data in the world (the so-called datasphere) increased from 1.8 to 59 zettabytes (1 ZB = 1 billion TB); in 2025, it is expected to reach an astonishing 175 ZB. Data has become one of the most valuable commodities in the world, and this has caused countries to put in place laws to protect the privacy of that data.

In 2019, Kenya enacted the Data Protection Act. The Act makes provision for the regulation of the processing of personal data, provides for the rights of data subjects and puts in place obligations of data controllers and processors. As lawyers practicing in the data protection and privacy sphere, we realized that after the enactment of the Data Protection Act, small and medium-sized businesses in Kenya were not aware of their obligations under the Act and had therefore not done anything to comply with the law.

When we went a step further and did some research, we came across the following information:

1. A study of 7 digital lending apps in Kenya with over 1 million users each found that none of them were in compliance with the Data Protection Act.

2. Kenya experiences approximately 11.7 million cyber-attacks every month, putting millions of personal data records at risk.

3. Law firms were charging up to Kshs. 500,000 to help companies comply with the Data Protection Act.

We also realized that it would be beneficial for businesses to comply with data protection laws for the following reasons:

1. Transparency builds trust and trust builds customer loyalty. The right data protection policies should clearly outline how the business collects, uses and shares data. This shows the customer they can trust the business because they have the mechanisms and procedures in place to protect their personal data.

2. Implementation of a good data protection policy acts as a guide to compliance with the Data Protection Act and helps businesses avoid fines for non-compliance. Failure to comply with the Data Protection Act could result in fines between Kshs. 3 million (USD 28,000) and Kshs. 5 million (USD 47,000). For small and medium-sized businesses, a fine of this magnitude could put them out of business.

With this information, we decided to create a website where we could educate business owners on their obligations concerning data protection and the requirements under the law. In addition, we provide easy, affordable access to compliance tools by making well-researched policies available on the website that a company can apply to guide them on how to manage data subject rights, and to assess and manage data risks within the organization.

At mycomplykit.com we offer the following solutions:

Self-assessment test

This test is offered for free on our website. Any person can take the test and determine whether or not they are a data processor or data controller so that they know whether they have obligations under the law. Then they can answer a few questions to determine their level of compliance and get information on what they need to do to comply.

Policies

Based on the Self-Assessment Test, you will be able to purchase suitable policies to adopt in the organization. These policies are meant to act as a guide to the business on how to apply practices that will protect the personal data they collect. The policies available on our website are:

a. Internal Data Protection Policy: This is to be applied within the business or organization to guide members of staff who handle or work with the personal data collected on how to handle personal data.

b. Data Retention Policy: This policy is applied within the organization as a guide to how the personal data collected is kept.

c. Cookies Policy: This is to be posted on a website, informing visitors to the website what cookies are used to collect personal data and what that data is used for.

d. Internal Data Handling Policy: This policy includes steps to be taken by the organization and forms to be filled by the data subject in the event of a data subject request such as the request to rectify or delete data.

e. Privacy Policy: This is a customer-facing policy to inform the customer what personal data is collected, how that data is used, and the measures put in place by the organization to protect that data.

A user may opt to request to have these policies customized to better suit their organization’s needs. Where the customization request is made, the organization will be required to provide some additional information by answering specific questions to enable us to customize the policies.

There is also the option to request an appointment, at which point a meeting with the legal experts is set up, which enables interested organizations to obtain additional information and any other customized services.

Our goal was to provide a solution that is practical and affordable for any business operator. Visit www.mycomplykit.com today to find a solution that works for you.

Article by Nzilani Mweu and Elizabeth Moturi

HiiL Justice Accelerator East Africa

HiiL (The Hague Institute for Innovation of Law) is a social enterprise devoted to user-friendly justice, i.e. accessible, easy to understand, and affordable.