Digital Policy Alert logo

Kenya: Implemented Data Protection (General) Regulations including data localisation requirement

Policy overview

Description

Implemented Data Protection (General) Regulations including data localisation requirement

On 14 February 2022, the Data Protection (General) Regulations, 2021 entered into force. According to the regulations, data controllers or processors handling personal data for strategic state interests must process the data through a server and data centre in Kenya or store a copy locally. These strategic interests include civil registration, elections, public finance administration, protected computer systems, education services, and primary or secondary healthcare. The Cabinet Secretary may also require compliance if a data controller processing data abroad fails to address breaches, violates the Act, or obstructs investigations by authorities.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data localisation requirement
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2021-12-07
adopted

On 7 December 2021, the Cabinet Secretary, Ministry of Information, Communication, Technology, Inno…

2022-02-14
in force

On 14 February 2022, the Data Protection (General) Regulations, 2021 entered into force. According …

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.