Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the goldenblatt domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mcckadvo/public_html/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the bold-timeline domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mcckadvo/public_html/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the bt-cost-calculator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mcckadvo/public_html/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mcckadvo/public_html/wp-includes/functions.php on line 6114
DATA PROTECTION FREQUENTLY ASKED QUESTIONS- SERIES TWO - MCCK Advocates LLP
 
info@mcckadvocatesllp.co.ke
Suite A33, Upper Hill Gardens Apartments, Third Ngong Avenue

Follow us:

Data ProtectionDATA PROTECTION FREQUENTLY ASKED QUESTIONS- SERIES TWO

November 10, 20220

In this series, we take you through the registration process and what is required for the registration of your organization as a Data Handler in Kenya.

How do you register as a Data Handler?

Registration as a Data Handler is done by submitting a filled DPR 1 form as provided under rule 5(1) (a) of the Data Protection (Registration of Data Controllers and Processors) Regulations, 2021 (the “Regulations”.

What details are required for the form?

One is required to provide the following information: –

  1. Your organization’s postal address, code, county, telephone number, email address, county and country location, business sector, legal establishment i.e., private company/partnership etc. For Public bodies, one must specify the state department or county department.
  2. The organization’s Data subjects i.e., employees, clients, directors, shareholders, suppliers, service providers, students etc.
  3. The description of personal data being collected and processed by your organization i.e., names, dates of birth, national identity/ passport numbers, PIN Certificates, postal addresses, email addresses, marital status, dependents, employment status, bank account details etc.
  4. The purpose of processing personal data i.e., know your customer, payroll, invoicing etc.
  5. If your organization processes sensitive personal data in the following categories, they are also required to provide the purpose for processing said sensitive personal data.
    1. Racial or ethnic origin
    2. Political opinion or adherence
    3. Religious or philosophical beliefs
    4. Marital status and family details
    5. Physical or mental health or condition
    6. Sexual orientation, practices, or preferences
    7. Biometric data
    8. Property Details (Including Financials)
    9. GPS Location Data
    10. Genetic Data
  6. The list of countries in which your organization stores or transfers personal data, if applicable.
  7. Your organization’s number of employees and the previous year’s turnover.
  8. The potential risks to the personal data being processed by your organization i.e., unauthorized access/ disclosure, theft, malware, and cyber-attacks.
  9. The safeguards put in place by your organization to mitigate the risks i.e., visitors’ logbook, data encryption policies, anti-virus software, employee background checks, staff training etc.

Are there any additional details or documents required?

Yes, you are required to upload your organization’s Certificate of Incorporation and evidence of the organization’s turn over i.e., the previous year’s financial statement.

Where do I submit the form?

All the details provided in the form are to be submitted online through the Office of the Data Protection Commissioner (ODPC) registration portal.

Are there any fees to be paid?

Yes, the requisite fees to be paid are prescribed under Schedule 2 of the Regulations as follows: –

Category Description Registration fee in Kshs. per Data Controller/Processor) (payable Once) Renewal fee in Kshs. per Data Controller/Processor) (after every 2 years
Micro and Small Data Controllers /Processors A data controller/ processor with between 1 and 50 employees and an annual turnover/revenue of a maximum of Kshs 5 Million  

4,000.00

 

2,000.00

Medium Data Controllers /Processors A data controller/ processor with between 51 and 99 employees and an annual turnover/revenue of between Kshs 5,000,001 and a maximum of Kshs 50 Million  

16,000.00

 

9,000.00

Large Data Controllers /Processors Data controller/processor with more than 99 employees and an annual turnover/revenue of more than Kshs 50 Million  

40,000.00

 

25,000.00

Public entities Data controller/processor offering government functions (Regardless of the number of employees or revenue/turnover)  

4,000.00

 

2,000.00

Charities and Religious entities Data controller or Data processor offering charity or religious functions (Regardless of revenue/turnover)  

4,000.00

 

2,000.00

 

How do I make the payment?

Payment of the data handler registration application fees is made online through the ODPC registration portal.

Will I be issued a receipt upon payment?

Yes

How long will it take for the ODPC to approve my application?

Once you have submitted all the requested information on the DPR 1 form, made payments of the requisite fees, and the ODPC is satisfied with your application, it will take a period of 14 days for approval to be issued.

What happens after my application is approved?

You will be issued with a Certificate of Registration and your organization’s particulars will be entered in the register of Data Handlers.

How long is the Certificate of Registration valid?

The Certificate of Registration is valid for 24 Months.

Can I apply for renewal of registration as a Data Handler?

Yes, you can after the expiry of the Certificate of Registration.

How do I apply for renewal?

Through uploading the details requested on the DPR 2 form specifying if the renewal is for a distinct purpose or categories of data other than that for which you had been registered, respectively and paying the prescribed renewal fees.

In the subsequent series, we shall take you through what happens when your application for registration or renewal is declined.

This article is issued for general information only and should not be relied upon without seeking specific subject matter legal advice.

Please feel free to contact MCCK Advocates LLP for any clarification, questions or advice concerning Data Protection Laws at info@mcckadvocatesllp.co.ke or visit our website at www.mcckadvocatesllp.co.ke

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *