Kenya: Office of the Data Protection Commissioner fined Diamond Trust Bank Kenya and Uganda KES 500'000 for breaches of data protection regulations

On 24 November 2025, the Office of the Data Protection Commissioner (ODPC) in Kenya issued a penalty notice against Diamond Trust Bank Kenya and Uganda, imposing a total fine of KES 500'000 and issuing an enforcement notice against Diamond Trust Bank Uganda. This action followed a complaint against Diamond Trust Bank Kenya and its Ugandan subsidiary by a data subject who alleged that she had improperly received a third party's financial data, and had been blocked from accessing her own personal data in the form of bank statements. The ODPC found that the respondents had failed to process the data subject's personal in line with data protection principles, did not have a legal basis for processing her personal data, and failed to adhere to requirements of having appropriate technical and organisational measures to ensure data protection by design.