Kenya: Opened consultation on OPDC draft Data Protection (Conduct of Compliance Audit) Regulations, 2024

On 3 December 2024, the Office of the Data Protection Commissioner (ODPC) opened a public consultation on the draft Data Protection (Conduct of Compliance Audit) Regulations until 6 January 2025. The draft regulations provide a framework for conducting data protection audits to assess compliance with the Data Protection Act, 2019. The draft regulations establish procedures for initiating audits, accreditation of data protection auditors, and the responsibilities of data controllers, data processors, and auditors during the audit process. They outline how audits may be conducted by the ODPC, external auditors, or private auditors, including the recognition of privately initiated audits. The draft regulations also specify criteria for accreditation, the process for renewal or revocation of accreditation, and the duties of data controllers and processors to cooperate with audits.