Kenyan court blocks SME's from accessing personal data

All data processors whether small or medium enterprises in Kenya will be required to register with the Communications Authority of Kenya according to a new 2019 Kenya data protection bill, now some in the industry feel this will affect the growth.

Thu, 26 Sep 2019 10:42:36 GMT

Disclaimer: The following content is generated automatically by a GPT AI and may not be accurate. To verify the details, please watch the video

AI Generated Summary

The introduction of the 2019 data protection bill in Kenya has raised concerns among SMEs about compliance costs and regulatory requirements, but experts argue that these measures are necessary to safeguard customer data and address cybersecurity threats.
The enforcement of data protection regulations is seen as a potential catalyst for innovation in the cybersecurity sector, as companies will need to invest in enhancing their cybersecurity measures to comply with the law.
Consumer empowerment and transparency play a critical role in data protection, with calls for greater visibility and control over personal data to encourage more cautious behavior in data sharing.

Kenya has recently introduced a new data protection bill in 2019, which requires all data processors, including small and medium-sized enterprises (SMEs), to register with the Communications Authority of Kenya. This move has sparked mixed reactions within the industry, with some expressing concerns about the potential impact on the growth and operations of SMEs. To shed more light on this issue, CNBC Africa interviewed Edwin Kairu, the Cybersecurity Lead and co-Founder at Tabiri Analytics. Kairu believes that while the new law may pose challenges for SMEs in terms of compliance costs, it is a necessary step to ensure the protection of customer data. He emphasizes the importance of cybersecurity measures in safeguarding the data collected by companies, highlighting the vulnerabilities that exist in the absence of adequate regulations. The key theme in this discussion revolves around the balance between innovation, regulation, and data protection. Kairu points out that the law aims to keep pace with the rapidly evolving industry and prevent potential cybersecurity threats that could compromise consumer data. He suggests that the enforcement of data protection regulations could actually spur innovation in the cybersecurity sector, as companies will need to enhance their internal capacities or seek external expertise to ensure compliance. Moreover, he anticipates that other governments in the region may observe the outcomes in Kenya before considering similar regulatory measures. The interview also touches on the consumer's role in data protection, highlighting the need for increased transparency from companies in terms of data collection and usage. Kairu suggests that empowering consumers with greater visibility and control over their data can lead to more cautious behavior in sharing personal information. He references the concept of 'the right to be forgotten,' a regulatory provision in the EU that allows individuals to request the deletion of their data from company records. As a representative of Tabiri Analytics, a cybersecurity startup that emerged from a university initiative, Kairu advocates for more opportunities for local companies to innovate in the cybersecurity space. He emphasizes the importance of building indigenous solutions and fostering homegrown talent to drive technological advancements. In conclusion, Kairu's insights shed light on the multifaceted implications of data protection laws on SMEs, consumers, and the cybersecurity landscape in Kenya. While challenges may arise in the short term, the long-term benefits of enhanced data security and innovation could reshape the industry's trajectory and position Kenya as a leader in cybersecurity initiatives.