On Friday, November 8, President Uhuru Kenyatta signed into law the Data Protection Bill 2019 subsequently creating a new government position with it.
The new data law established ‘The Office of The Data Commissioner’ and set out the requirements of the candidate to be appointed for the position and also the roles of the position.
According to the new legislation, the Public Service Commission (PSC) shall be in charge of the recruitment process by receiving the applications which it shall consider in compliance with the Act.
PSC shall then shortlist qualified applicants, publish and publicise their names then conduct the interviews of the shortlisted persons in an open and transparent process, it would then forward three names to the relevant CS for the appointment.
The bill further explained that the commissioner would serve a single term of six years and shall not be eligible for re-appointment once the term had expired.
The office shall according to the bill oversee the implementation of and be responsible for the enforcement of all data related matters as per the law.
It would also establish and maintain a register of data controllers and data processors on top of exercising oversight on data processing operations, either of own motion or at the request of a data subject, and verify whether the processing of data is done in accordance with the new law.
The Data Commissioner will also promote self-regulation among data controllers and data processors and conduct assessments on its own initiative of a public or private body.
The assessment could also be initiated at the request of a private or public body for the purpose of ascertaining whether the information is processed according to the provisions of this law or any other relevant law.
This new office will also receive and investigate any complaint by any person on infringements of the rights under the data protection law of 2019 and take such measures as may be necessary to bring the provisions of the law to the knowledge of the general public.
It will also carry out inspections of public and private entities with a view to evaluating the processing of personal data and promote international cooperation in matters relating to data protection and ensure the country’s compliance on data protection obligations under international conventions and agreements
The Data Commissioner would also undertake research on developments in the processing of personal data and ensure that there is no significant risk or adverse effect of any developments on the privacy of individuals.