Go Ye And Regulate The Processing Of Personal Data

The subject 'data privacy, processing, and regulation' is a famous one right now in Kenya, just months after the country appointed a data...


Go Ye And Regulate The Processing Of Personal Data
Humphrey Odhiambo, Head of Partnerships & Content at CIO East Africa, moderates a panel discussion on data privacy and protection.

The subject ‘data privacy, processing, and regulation’ is a famous one right now in Kenya, just months after the country appointed a data commissioner following President Kenyatta signing into law the Data Protection Act.

A lot has indeed been said with much more still speculated but what remains clear is that the increasingly growing remote workforce has increased the amount of personal data being accessed online.

Companies across all industries are now more than ever, under the pressure to become more data-driven by expanding their customer data analytics initiatives. However, these initiatives sometimes conflict with – and can be stymied by – evolving data privacy regulations if not proactively dealt with.

At the just-concluded East Africa Cloud and Security Summit, a panel deliberated on data compliance and how to enable analytics while enabling data compliance.


Speaking at the 2-day virtual forum, Elaine Thuo, a Data Protection & Privacy Consultant vividly noted that data is the key driver of innovation and that its manipulation and exploitation has been used to obtain economic benefits by a few groups of people and amass power to few companies.

She said, “Personal data enables organisations to have an idea of the customer preferences and can therefore use this information to tailor-make customer experiences. However, this is not the case for all organizations.”

She, however, observed that regulating this one very vital component of any organisation has been met with several challenges including resistance by organisations, negative perception, and the lack of knowledge and awareness among others.

Also speaking at the panel was Stanley Chege, Group CIO, Jubilee Insurance who opined that data privacy and protection seeks to create checks and balances on the system to innovate using personal data and not to stifle innovation.


The evolving data privacy regulations such as the General Data Protection Regulation (GDPR) and the
Kenya Data Protection Act create compliance challenges making many organisations to face the critical obstacle of building customer data analytics initiatives.

The CPO Magazine recommends the following strategies to companies to steer the journeys of being data-driven while protecting the said data.

Taking a comprehensive approach to data privacy compliance
Approaching analytics projects with data privacy in mind
Being transparent with consumers about data privacy rights

The magazine article further urges companies to be proactive and transparent about how they use sensitive data and to demonstrate how they are acting ethically and responsibly with their customers’ data.


“It is increasingly unrealistic and counterproductive to burden customers with the responsibility of reading reams of privacy notices to try to figure out whether a company is acting ethically,” the article reads in part.

The panel was moderated by Humphrey Odhiambo, Head of Partnerships & Content at CIO East Africa. Other panelists who also shared very insightful observations include Hartnell Ndungi, CDO, ABSA, Kenya, and Philip Ndegwa, Principal Solutions Consultant at Oracle.

Do you have a story that you think would interest our readers? write to us