Activity Tracker
The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.
259 events advancing 168 policy or regulatory changes:
Graph
Table
Office of the Data Protection Commissioner investigation into Diamond Trust Bank Kenya and Uganda for alleged breaches of data protection regulations
Office of the Data Protection Commissioner fined Diamond Trust Bank Kenya and Uganda KES 500'000 for breaches of data protection regulations
On 24 November 2025, the Office of the Data Protection Commissioner (ODPC) in Kenya issued a penalty notice against Diamond Trust Bank Kenya and Uganda, imposing a total fine of KES 500'000 and issuing an enforcement notice against Diamond Trust Ban…
Guidance on processing personal data by micro, small, and medium enterprises
Office of the Data Protection Commissioner adopted guidance note on processing personal data by micro, small, and medium enterprises
On 6 November 2025, the Office of the Data Protection Commissioner (ODPC) adopted a guidance note on processing personal data by micro, small, and medium enterprises (MSMEs). The guidance note, prepared under the Data Protection Act, 2019, and its s…
Guidance on processing of children's data
Office of the Data Protection Commissioner adopted guidance on processing of children's data
On 6 November 2025, the Office of the Data Protection Commissioner (ODPC) adopted the guidance note on the processing of children’s data. The guidance issued pursuant to the Data Protection Act, 2019, and the Data Protection (General) Regulations, 2…
Guidance on processing of personal data for research purposes
Office of the Data Protection Commissioner adopted guidance on processing of personal data for research purposes
On 6 November 2025, the Office of the Data Protection Commissioner (ODPC) adopted a guidance note on the processing of personal data for research purposes. The guidance issued pursuant to Section 53(3) of the Data Protection Act, 2019, and the Data …
Guidance on processing of biometric data
Office of the Data Protection Commissioner adopted guidance on processing of biometric data
On 6 November 2025, the Office of the Data Protection Commissioner (ODPC) adopted a guidance note on the processing of biometric data. The guidance note, issued under the Data Protection Act, 2019, and the Data Protection (General) Regulations, 2021…
Content moderation regulation in Computer Misuse and Cybercrimes (Amendment) Act, 2025
Computer Misuse and Cybercrimes (Amendment) Act, 2025 including content moderation regulation enters into force
On 4 November 2025, the Computer Misuse and Cybercrimes (Amendment) Act, 2025, enters into force. The amendment modifies Section 6 of the principal Computer Misuse and Cybercrimes Act, granting the National Computer and Cybercrimes Coordination Comm…
Communications Authority's industry guidelines for child online protection and safety in Kenya
Communications Authority's industry guidelines for child online protection and safety in Kenya enter into force
On 29 October 2025, the Communications Authority of Kenya’s (CA) Industry Guidelines for Child Online Protection and Safety enter into force. The guidelines are founded on several principles, with a primary focus on safeguarding children’s rights to…
FATF list of jurisdictions under increased monitoring
FATF released updated list of jurisdictions under increased monitoring
On 24 October 2025, the Financial Action Task Force (FATF) released an updated list of jurisdictions under increased monitoring following the completion of the fourth FATF plenary meeting. Such jurisdictions have committed to the implementation of m…
Income Tax (Significant Economic Presence Tax) Regulations, 2025
Revenue Authority closed consultation on Draft Income Tax (Significant Economic Presence Tax) Regulations
On 7 October 2025, the Revenue Authority (KRA), on behalf of the Cabinet Secretary for the National Treasury and Economic Planning, closed the consultation on the Draft Income Tax (Significant Economic Presence Tax) Regulations, 2025. Developed unde…
Order on accession to African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention)
Office of the Data Protection Commissioner closes consultation on accession to African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention)
On 6 October 2025, the Office of the Data Protection Commissioner (ODPC) of Kenya closes stakeholder consultations on the country’s accession to the African Union Convention on Cyber Security and Personal Data Protection, also referred to as the Mal…