Firms offering data protection Kenya are led by professionals in the field of data protection and they understand the ethics of their work.
Being professionals in the field, they understand the laws that govern data protection and will be able to offer guidance on how to safeguard your data without getting on the wrong side of the law. They will help you assess the current state of compliance and also enable you receive advice on how to improve your policies and procedures which will inturn help you avoid the risks that come with data insecurity.
Just like any other field data protection ACT sets out some principles governing the use of personal information which everyone must comply with, unless an exemption applies.
These principles are in essence a code of good practice for processing personal data. You can get more information on each of the principles in schedule 1 part 2 of the act.
The eight principles of data protection Kenya
The first principle of the act states that personal data shall be processed fairly and lawfully and in particular, shall not be processed unless at least one of the conditions in schedule 2 is met and in the case of sensitive personal data, at least one of the conditions set out in schedule 3 or either of the two statutory instruments is met.
The second principle stipulates that data shall be obtained only for one or more specified and lawful purposes. It goes ahead to stipulate that personal data shall not be further processed in any manner incompatible with that purpose or those purposes.
It says that personal data shall be relevant, adequate and not excessive in relation to the purpose or purposes for which they are processed.
The fourth principle states that all personal data shall be accurate and where necessary, kept up to date.
It stipulates that personal data processed for any purpose purposes shall not be kept for longer than is necessary for that purpose or those purposes.
All personal data shall be processed in accordance with the rights of data subjects under this act.
It states that appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory which does not ensure adequate level of protection for the rights and freedoms of subjects in relation to the processing of personal data.
The key points every member of staff needs to know about data protection
If anyone asks to see information that you hold about them then you must contact your local freedom of information practitioner as soon as possible.
You must tell individuals what you do with information regarding them, including to whom you disclose it.
You must keep personal data securely. For example, if you use large amounts of personal data or sensitive personal data, store them on the company’s networks or use encryption.
You must not keep personal data for longer than is necessary.
Always follow the company’s policies and procedures if you have to pass personal data outside the company. This may include publishing personal information on the internet, allowing contractors to access the systems, sharing personal data with government agencies and others.
If you are a business owner or a company, then I believe that you really need to protect your company or business information by seeking the services of data protection Kenya consultancy firms.