Back to Services

Data Protection & Compliance

Cost-effective, legal and ethical data-handling solutions aligned with Kenyan law and international standards.

Service Overview

Built around your compliance outcomes

Data is at the heart of anti-financial crime compliance. Collecting the appropriate data ensures that organisations understand and assess risks effectively and implement an effective risk mitigation strategy. This requirement poses a risk of data breach. We therefore support organisations in adopting cost-effective, legal and ethical data-handling solutions that align with requirements under Kenyan law and international best practice, such as the European Union’s General Data Protection Regulation (GDPR).

Services Deliver

Undertaking data protection impact assessments
Training organisations on data handling and regulatory compliance
Developing data handling and processing policies and procedures
Supporting institutions in registering with the Office of the Data Protection Commission in Kenya
Auditing existing data protection policies and procedures
Supporting institutions to comply with the World Bank Group's Integrity Compliance Guidelines
Discuss your needs

Have AML/CFT/CPF advisory question?

Speak with a specialist — free 30-minute discovery call.

+254 799 610 422
Talk to an Expert

FAQ

Frequently Asked Questions

Common questions about AML/CFT/CPF Advisoryin Kenya

The Data Protection Act 2019 governs data protection in Kenya, establishing the Office of the Data Protection Commissioner and setting requirements for data collection, processing, storage, and transfer.

Yes, data controllers and processors must register with the Office of the Data Protection Commissioner and comply with the Act's requirements for lawful data processing.

Kenyan organisations processing data of EU residents or doing business in the EU must comply with GDPR requirements, including consent, data subject rights, and cross-border transfer safeguards.

A DPIA is a systematic assessment of how personal data processing operations may impact the privacy and rights of individuals, identifying risks and mitigation measures before processing begins.

Yes, we assist organisations in developing data breach response plans, conducting investigations, and fulfilling notification requirements under the Data Protection Act.