The Office of the Data Protection Commissioner in Kenya

The Office of the Data Protection Commissioner in Kenya, established under the Data Protection Act, functions as a state authority under Article 260 (q) of the Constitution, consisting of the Data Protection Commissioner as its head and other appointed staff.

Structure and Capabilities:

The Office acts as a body corporate with perpetual succession and a common seal.
It has the legal capacity to sue and be sued, manage properties, enter contracts, and conduct necessary legal actions for its function.
It commits to making its services accessible throughout the Republic.

Directorates Establishment:

The Data Protection Commissioner, in consultation with the Cabinet Secretary for ICT, establishes directorates to enhance the Office’s function.

Functions of the Office:

Enforce and oversee the Data Protection Act’s implementation.
Maintain a register of data controllers and processors.
Monitor data processing activities, ensuring compliance with the Act.
Promote self-regulation among data controllers and processors.
Assess compliance of information processing with legal standards.
Investigate complaints about rights infringements under the Act.
Educate the public about the Data Protection Act’s provisions.
Inspect entities to assess personal data processing practices.
Facilitate international cooperation on data protection and comply with global obligations.
Evaluate new personal data handling methods for privacy impacts.
Undertake additional functions as prescribed by law or necessary for achieving the Act’s objectives.

Collaboration and Independence: