The Kenyan Data Protection Commissioner has recently taken action against several organizations for mishandling personal data, imposing monetary penalties on these entities. Mulla Pride, a digital credit provider that operates popular money lending apps KeCredit and Faircash, has been ordered to pay a fine of 2,975,000 Kenyan shilling ($20,114). The company collected names and contact information from a third party without obtaining proper consent from the users. This violation came to light through an investigation carried out by the Office of the Data Protection Commissioner, which subsequently announced the penalty through a notice on social media.
In addition to Mulla Pride, other organizations have also faced repercussions for their improper handling of personal data. Casa Vera Lounge, a restaurant, was fined 1,850,000 Kenyan shilling ($12,508) for posting customer images on social media without obtaining consent. Similarly, Roma School was penalized with a hefty fine of 4,550,000 Kenyan shilling ($30,764) for publishing pictures of children without parental consent.
The Data Protection Commissioner justified the penalties by citing violations of sections 62 and 63 of the Data Protection Act 2019, as well as regulations 20 and 21 of the Data Protection (Complaints Handling Procedure and Enforcement) Regulation 2021. These regulations are in place to ensure the protection of individuals’ personal information and to safeguard their privacy. Any organization found to be in breach of these regulations can face severe penalties, as demonstrated by the enforcement actions taken against Mulla Pride, Casa Vera Lounge, and Roma School.
The regulatory authorities in Kenya are taking data protection seriously and are actively monitoring compliance across various industries. Alongside the penalties issued, a compliance audit was also conducted on WhitePath, another digital credit provider, for sending unsolicited text messages. Naivas Supermarkets underwent a similar audit following a recent data breach incident. These audits serve as a means to assess whether these organizations are adhering to the necessary data protection protocols and to address any compliance concerns.
It is worth noting that this is not the first time the Kenyan Data Protection Commissioner has taken action against organizations for mishandling personal data. In the past, penalties have been imposed for similar data handling complaints and for making spam calls. These actions indicate that the regulatory authorities are committed to enforcing data protection laws and ensuring that organizations in Kenya prioritize the safeguarding of individuals’ sensitive information.
The penalties imposed on Mulla Pride, Casa Vera Lounge, Roma School, and the compliance audits of WhitePath and Naivas Supermarkets highlight the importance of data protection compliance in Kenya. Organizations must take proactive measures to ensure that they have the necessary consent from individuals before collecting and using their personal data. By doing so, these entities can avoid potential regulatory penalties and maintain the trust of their customers.
In conclusion, the Kenyan Data Protection Commissioner’s imposition of monetary penalties on organizations for mishandling personal data underscores the significance of data protection compliance. Mulla Pride, Casa Vera Lounge, and Roma School have faced substantial fines for their violations, and compliance audits have been conducted on WhitePath and Naivas Supermarkets. These actions serve as a reminder to organizations operating in Kenya about the importance of adhering to data protection regulations and prioritizing the privacy rights of individuals.