Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Kenya’s Data Protection Act, 2019 (DPA) is based on the framework of the EU’s General Data Protection Regulation (GDPR), making it the third region in East Africa to have enacted and enforced data protection regulations. The DPA seeks to protect the personal data of individuals by obligating data controllers and data processors and regulating the processing of personal data. The DPA protects the personal data of individuals residing in Kenya.
The Data Protection Act, 2019, came into effect in November 2019.
Securiti enables organizations to ensure seamless compliance with Kenya Data Protection Act (DPA) 2019 with its AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment.
Securiti supports enterprises in their journey towards compliance with Kenya DPA 2019 through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of Kenya’s data protection act.
Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
Data subjects have the right to be informed of the use of their personal data and access their data held by an organization. For this purpose, organizations must simplify the initiation of verified DSR requests. Automating the delivery and generation of secure data access reports will significantly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.
Disclosure of information to the data subjects within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.
Sections 26(d), 40(a)
With the help of automated data subject verification workflows across all appearances of a subject’s personal data, you can seamlessly fulfill all data rectification requests.
Sections 26(e), 40(b)
Fulfill data subject’s erasure requests swiftly through automated and flexible workflows.
Sections 26(c), 34, 36
Build a framework for objection and restriction of processing handling based on business requirements, with the help of collaborative workflows.
Sections 30(1), 32, 33(a), 37(a)
Track consent revocation of data subjects to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data subjects.
Sections 25, 30, 31, 41
With the help of our multi-regulation, collaborative, readiness, and personal information impact assessment system, you can gauge your organization's posture against Kenya’s Data Protection Act’s requirements, identify the gaps, and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance.
Sections 30(1), 32
Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
Automates compliance actions and breach notifications to concerned stakeholders about security incidents by leveraging a knowledge database on security incident diagnosis and response.
Keep track of privacy and security readiness for all your service providers and processors from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Right to be Informed: Data subjects have the right to be informed of the use of their personal data. Organizations must also notify data subjects of their rights before the collection of personal data.
Right to Access: Data subjects have the right to access their personal data held by the data controller or data processor.
Right to Rectification: Data subjects have the right to request correction of any false or misleading data.
Right to Erasure: Data subjects have the right to request the deletion of false or misleading data.
Right to Data Portability: Data controllers and processors are obligated to honour data subjects’ right to portability by providing them their personal data in a structured, commonly-used and machine-readable format on their request.
Right to Object: The data subject has the right to object to the processing of their personal data unless the data controller or data processor demonstrates compelling legitimate interests that override the data subject’s interests.
Right not to be Subjected to Automated Decision-Making: The data subject has the right to not be subject to a decision based solely on automated processing including profiling which produces legal effects concerning them or significantly affects the data subject.
The DPA prohibits data controllers and data processors from cross-border data transfers unless there are adequate data protection safeguards in place.
PO Box 13039,
Coyote CA 95013