Businesses have a duty to protect personal information

By People Daily, January 28, 2020

Barry Cook

We share a lot more information in the digital world than we used to. Businesses, organisations, close family, friends and acquaintances- all have access to some of our important personal data.

Anyone who has this information needs to protect it and make sure it is not abused, sold, or falls into the hands of a criminal.

The Data Protection Day is celebrated on January 28 which is the ideal time to find out which data protection laws are in force in Kenya, and how companies and institutions are implementing them.

Data protection laws make sure your data is used only for the purpose you shared it. They stipulate how data must be stored, used and when necessary purged.

In addition, they regulate the sharing of personal information, making sure personal details are only shared if there is a lawful reason, such as explicit consent or a public interest, like in the case of preventing a crime.

One of the most well-known data protection laws is the General Data Protection Regulation (GDPR) that was adopted by the European Parliament in 2016.

The regulation outlines the restrictions on data handling and sharing by government and corporations.

GDPR regulations protect the privacy and personal information rights of individuals. Data breaches can attract heavy fines.

A case in point is when one of the Big Four technology companies was fined EUR57 million for breaching online privacy rules at the beginning of 2019.

GDPR raises the standards of personal data privacy across not just Europe, but also the world, by changing the rules of companies that collect, store or process user information.

Every company that operates in Europe, trades with Europe, or has European users is required to comply with GDPR standards.

Approximately 100 new data protection laws have been put into practice across the globe in the last 12 months, with many countries implementing data protection laws for the first time.

This is not only to align with the GDPR, it is also because consumers are holding companies accountable for the information they hold, and how they use, abuse or lose it.

Consumers are putting pressure on businesses to secure their personal information. Countries are realising that if they want to protect industries, they have to create a sound framework for data protection.

Kenya approved a data protection regulation that closely aligns with the GDPR at the end of 2019. The regulations allow for hefty fines on non-complaint companies and apply to businesses and any institution that has access to personal information.

Known for its wide use of M-Pesa, a mobile money transfer system, companies in Kenya have access to large amounts of personal information. The country is also developing its tech hub, with outside investors requiring assurance data breaches and data loss won’t be problematic.

Kenya’s data protection regulations give customers’ protection so they know there are systems in place to ensure their data stays private and confidential.

Because VFS Global complies to the requirements of the GDPR, in fact we were amongst only 15 per cent of global companies to be GDPR compliant when the regulation came into effect, we effectively meet the Kenyan data protection regulation requirements.

When customers give companies their information, they are giving them their trust that they will in turn protect data.

Having a data protection system and following data protection laws shows that you take this trust and the responsibility for the data you have seriously. Businesses that embrace data protection laws and implement them have a competitive edge over those who don’t.

It is imperative that all companies – big and small ensure the data they hold is protected.

We may only hear about the breaches at big business, but hackers are increasingly targeting smaller businesses, because they know these organisations are less likely to have protection mechanisms in place.

Countries and companies that don’t yet have data protection systems in place are encouraged to set these up. Business thrives because of how it uses data but will only sustain if it protects data. — The writer is the Privacy and Group Data Protection Officer at VFS Global

More Articles

Inside Ruto’s game plan to ringfence North Eastern ahead of 2027 polls

Kenya Red Cross: 85,993 households affected in 41 counties as El Niño fears grow

Study reveals how EAC is becoming China’s new steel frontier as global manufacturing shifts

Revealed: Why Ruto’s construction boom is fueling foreign steel factories instead of Kenyan jobs

Ruto’s affordable housing push faces hidden threat as global steel crisis deepens, report