• Monday to Saturday 9AM – 5PM

Follow Us On:

Facebook X-twitter Linkedin
Hire Us Now

The Data Protection Act, 2019 of Kenya: Understanding the Rights of Data Subjects

Introduction

The Data Protection Act, 2019 of Kenya provides a comprehensive framework for data protection in the country. It establishes the rights of data subjects and outlines the responsibilities of data controllers and processors. This article delves into the various rights of data subjects under the Act and explains their implications.

Overview of the Data Protection Act, 2019

Introduction to the Act

The Data Protection Act, 2019 was enacted to regulate the processing of personal data and to protect the privacy of individuals. This legislation aligns with international standards, ensuring that Kenya’s data protection measures are on par with global best practices.

Objectives of the Act

  • To protect the privacy of individuals.
  • To establish the rights of data subjects.
  • To outline the obligations of data controllers and processors.
  • To provide a framework for the lawful processing of personal data.

Rights of Data Subjects under the Data Protection Act, 2019

Right to Be Informed

Data subjects have the right to be informed about the collection and use of their personal data. This includes:

  • Purposes of Data Processing Data controllers must disclose the reasons for collecting and processing personal data.
  • Legal Basis for Processing It is essential to inform data subjects of the legal grounds for processing their data.
  • Identity of the Data Controller Data subjects should know who is responsible for their data.

Right of Access

Data subjects can request access to their personal data held by a data controller. This encompasses:

  • Information on Processing Activities Data subjects can inquire about how their data is being processed.
  • Categories of Data They have the right to know the types of data being processed.
  • Recipients of Data Information about who has access to their data must be provided.

Right to Rectification

If a data subject believes that their personal data is inaccurate or incomplete, they have the right to request corrections. This includes:

  • Prompt Corrections Data controllers must rectify errors without undue delay.
  • Completion of Incomplete Data Data subjects can request that incomplete data be completed.

Right to Erasure (Right to be Forgotten)

Data subjects can request the deletion of their personal data under certain conditions:

  • Data No Longer Necessary If the data is no longer needed for its original purpose.
  • Withdrawal of Consent When consent is the basis for processing it is withdrawn.
  • Unlawful Processing If the data has been processed unlawfully.

Right to Restriction of Processing

Under specific circumstances, data subjects can request the limitation of their data processing:

Contesting Accuracy
When the accuracy of the data is disputed.

Objection to Processing If the data subject objects to the processing.

Limited Processing Conditions Data can only be processed with the data subject’s consent or for legal claims.

Right to Data Portability

Data subjects can receive their personal data in a structured, commonly used, and machine-readable format:

Transfer of Data They can transmit this data to another data controller.

Technical Feasibility The transfer should be possible without hindrance.

Right to Object

Data subjects can object to the processing of their personal data based on their particular situation:

Grounds for Objection The objection must be based on specific personal circumstances.

Compelling Legitimate Grounds The data controller must demonstrate compelling reasons to continue processing.

Rights concerning Automated Decision-Making and Profiling

Data subjects have the right not to be subjected to decisions based solely on automated processing:

Human Intervention They can request human intervention in the decision-making process.

Contesting Decisions Data subjects can contest decisions made through automated processing.

Right to Withdraw Consent

If data processing is based on consent, data subjects can withdraw their consent at any time:

Lawfulness of Previous Processing The withdrawal does not affect the legality of previous processing based on consent.

Future Processing Future data processing based on consent must cease upon withdrawal.

Right to Lodge a Complaint

Data subjects can lodge a complaint with the Data Commissioner if their data protection rights are violated:

Role of the Data Commissioner The Data Commissioner enforces the Act and investigates complaints.

Taking Action The Data Commissioner can take appropriate action based on complaints.

Right to Compensation

Data subjects can seek compensation through the courts if they suffer damage due to unlawful data processing:

Legal Recourse They can pursue legal action for compensation.

Types of Damage Compensation can be sought for both material and non-material damage.

H1: Conclusion

The Data Protection Act, 2019 of Kenya empowers individuals by granting them significant rights over their personal data. These rights ensure that data subjects have control over their information and can take action if their data is mishandled. As data protection becomes increasingly important, understanding these rights is crucial for both data subjects and data controllers.

FAQs

1. What is the purpose of the Data Protection Act, of 2019?

The Act aims to protect the privacy of individuals, establish the rights of data subjects, outline the obligations of data controllers and processors, and provide a framework for lawful data processing.

2. What should I do if I believe my data protection rights have been violated?

You can complain to the Data Commissioner, who is responsible for enforcing the Act and investigating complaints.

3. Can I request the deletion of my data?

Yes, under certain conditions such as if the data is no longer necessary for its original purpose, if you withdraw consent, or if the processing is unlawful.

4. How can I access the data held by a data controller?

You can exercise your right of access by requesting information about the processing activities, categories of data being processed, and the recipients of the data.

5. What is data portability, and how does it benefit me?

Data portability allows you to receive your data in a structured, commonly used, and machine-readable format, and to transmit this data to another data controller without hindrance. This right facilitates easier transfer of data between service providers.

Tag Post:

Technology Law

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Load More

Don't Hesitate to Call Us

Your journey toward legal clarity begins with a single step – reaching out to us.

0707 329 013

Categories

Uncategorized
Technology Law
Family Law
NKMAdvocates Logo

Other Pages

Quick LInks

Follow us on Our Socials

Get our Latest Updates & News

Jki-facebook-light X-twitter Youtube Linkedin

Copyright © 2024 NKM ADVOCATES

Designed by Torysmart Digital