The Office of the Data Protection Commissioner (ODPC) has warned organizations handling personal data that failure to register could attract enforcement action and penalties of up to Ksh5 million.
In a notice issued on Thursday, June 4, the ODPC urged organizations processing personal data to comply with registration requirements.
It noted that data controllers and processors are not permitted to operate without registration from the Data Commissioner.
According to the ODPC, non-compliance may result in an Enforcement Notice under Section 58, legally requiring affected organizations to take corrective action within a specified timeline.
Organizations that ignore such notices could face administrative penalties, including fines of up to Ksh5 million.
Read More
"Non-compliance comes at a cost. Take the necessary steps to stay compliant," the notice read in part.
Elsewhere, this comes weeks after the Kenya Medical Association (KMA) raised concerns over the breach of privacy in hospitals by politicians and other public figures.
In a statement on Friday, May 8, the doctors’ umbrella association noted a growing trend of politicians, public figures, and members of the public staging photo sessions, live broadcasts, and media events inside healthcare facilities for political mileage or personal publicity.
While denouncing the practice, KMA stressed that patients were being exploited for selfish interests.
"Such actions are neither advocacy nor service, they are exploitative practices that undermine the rights to privacy, confidentiality, and respectful care. Medical workspaces should be respected and given the dignity they deserve," it said.
According to the association, patients in hospitals, particularly in public facilities, who are economically disadvantaged and unaware of their rights, remain especially vulnerable to such exploitation.
KMA demanded that politicians and public figures immediately stop holding media events, photo opportunities, and live streams inside clinical and patient-facing areas of any health facility.
"Health facility administrators must enforce strict no-filming policies, require informed consent for any photography involving patients, and designate staff with the authority to penalise any visitor, regardless of status, who compromises patient dignity," it added.
The association urged the KMPDC to issue a formal directive clarifying that facilitating political filming in clinical settings amounts to professional misconduct and must investigate reported cases.
KMA also involved the Office of the Data Protection Commissioner, seeking its intervention to punish those perpetuating the practice.
"The ODPC must investigate incidents in the public domain and publish enforcement guidance specific to patient data in healthcare settings," it further said.
