Information, Communications and Technology Cabinet Secretary Joe Mucheru has urged corporate organisations to embrace data protection and compliance as the government seeks to expand the market opportunities and cooperation in the region.
While officially opening a data protection and compliance conference organised by UK based Johan Consults, CS Mucheru said the government is working on Smart Africa Alliance where over 37 African countries are coming together to create a single digital market where there’s no roaming charges.
“We want a situation where data charges are the same through Africa continental free trade area creating a market of 1.4 billion people to compete globally”, he said.
Data protection is a set of strategies and processes used to secure the privacy, availability, and integrity of data. It prevents information of any organization or individuals from fraudulent activities such as hacking, phishing, identity theft, and other related activities of cybercriminals.
Johan ICT, Managing Consultant Akin Oyegoke says the UK-based platform will offer integrated audit and compliance implementation services that will guide organizations towards aligning their business processes with the provisions of the Kenya Data Protection Act which was enacted in 2019.
The country’s data Protection act and even global data privacy practices is quite a complex issue and there is an urgent need to educate organizations and individuals in understanding and implementing the dynamic compliance requirements. In Kenya, all organizations have been given up to 14th July 2022 to comply with all the requirements of data protection and compliance.
“Any organization that wants to work effectively needs to ensure the safety of their information by implementing a data protection framework which ensures that sensitive data is only accessible to approved parties. It also prevents criminals from being able to maliciously use data and helps ensure that organizations meet regulatory requirements”, Oyegoke explained.
Oyegoke said governments, organizations and individuals increasingly generate, collect and process personal data and it is imperative that customers’ data is adequately safeguarded by implementing strong data security.
Johan ICT Consultant Eng. John Waweru, on his part, said data protection was the new oil and there was an urgent need to ensure data safety and compliance with the law. Eng. Waweru said though there are software packages that could help with some of the regulatory requirements, it is very important to engage professional consultants in data protection to be able to achieve a robust compliance status.
After the outbreak of the Covid-19 pandemic, many businesses and individuals across the world resorted to virtual business transactions making them vulnerable to operational risks due to incorrect transaction processing or compromise to the data integrity, data privacy, and confidentiality. Apart from technological errors, human factors such as negligence, employee fraud, hackers, etc. are the potential sources of operational risk of e-banking. Security Risk of e-banking also arises from hacking threats and unauthorized access to the bank’s systems through social engineering techniques.
Since all virtual transaction channels are done remotely, it is often difficult for banks to use traditional methods to detect and prevent criminal activities, which is a major source of money laundering risks. Although there are certain money laundering rules in practice for electronic payments, their feasibility and efficiency are often questionable.
Oyegoke said data protection frameworks require controllers and processors to assess and maintain security in their data governance systems, including disclosing data breaches to the data protection authority and in some situations to the relevant data subjects.
A typical data protection framework will also include establishing organizational and technical measures, such as appropriate accountability documents as well as user access rights among other measures. This promotes consumer trust and increased use of digital tools, which in turn incentivizes investment, competition and innovation in the digital economy.
The Kenya Data Protection Act came into effect on November 25, 2019 to protect individuals’ rights, privacy and interests. It was closely modelled after the European Union’s General Data Protection Regulation using many of the same provisions, requirements, and definitions.