BDO East Africa, an accounting, tax, and advisory firm is at the forefront, with well-regarded and tested inhouse expertise and technology, to provide data protection services and consultancy as the new data regulations come into effect.
BDO, through BDO IT Consulting Ltd, an affiliate firm that offers data protection services and related technology solutions, is set to offer programmes, solutions and consultancy to businesses that collect personal data, enabling these firms to comply with recently published data regulations.
“Companies that collect personal data will need to invest in data protection strategies and put in place necessary controls to protect personal information as per the new regulations. BDO IT Consultancy is working on training programs and other services to make businesses prepared,” said BDO East Africa CEO Sandeep Khapre.
BDO IT Consultancy has already set up a webinar training for companies that is set to take place on March 9, 2022, where the consultancy will show best strategies that firms handling personal data can implement to make them compliant with the recently published regulations.
Mr. Khapre added that BDO IT Consulting is also exploring the use of its global expertise on Privacy Impact Assessments, Data Protection Impact Assessments and Data Protection Officer services for clients in the Kenyan m arket. BDO IT consulting has been providing consultancy services to many companies across the East African region to comply with local data protection regulations including the most stringent GDPR regulation.
“Globally we have offerings that can manage data processes for businesses which ensures that both firms and customers are guaranteed that their personal information is properly managed.”
The regulations, under the Data Protection Act, 2019, are intended to regulate the processing of personal data, provide for privacy rights to individuals and set obligations for personal data holders.
Under the regulations personal data is defined as any information that can identify a subject including an ID number, email address, phone number or physical address.
The regulations were published in three parts, the Data Protection (General) Regulations, 2021, the Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021 and the Data Protection (Registration of Data Controllers and Date Processors) Regulations, 2021.
The regulations also guide data collectors and processors on what they can and cannot do with personal data including activities such as marketing and sharing of personal information while providing legal mechanisms to address cases where data is not used for the intended purposes.
The regulations will come into effect once they are passed by the relevant committees of the National Assembly and finally gazetted.