Kenya Data Protection Act
Kenya Data Protection Act 2019 + Data Protection (General) Regulations 2021.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
KE DPA Breach Notification
| Code | Title |
|---|---|
| KE-DPA-Breach-Notification-Sections43-72-Hour-ODPC-Affected-Subjects-Mitigation-Documentation | Kenya DPA Personal Data Breach Notification + Section 43 + 72-Hour ODPC + Affected Data Subjects High Risk + Mitigation + Documentation + Processor Notification Chain + Cross-Border Coordination |
KE DPA Complaints + Penalties
| Code | Title |
|---|---|
| KE-DPA-Complaints-Enforcement-Sections56-63-Penalties-KES-5M-1-Percent-Turnover-Whichever-Higher | Kenya DPA Complaints + Enforcement + Sections 56-63 + Administrative Penalties + KES 5 Million OR 1 Percent Annual Turnover Whichever Higher + Civil Compensation + Criminal Offences + Director/Officer Liability + Reasonable Care Defence |
KE DPA Cross-Border + Data Localisation
| Code | Title |
|---|---|
| KE-DPA-Cross-Border-Transfer-Section48-50-Adequacy-Consent-Public-Interest-Performance-Localisation-Strategic | Kenya DPA Cross-Border Transfer + Sections 48-50 + Adequacy + Consent + Public Interest + Performance + Localisation for Strategic Interests + EAC Coordination + African Union Convention + Cabinet Secretary Approval |
KE DPA Data Subject Rights
| Code | Title |
|---|---|
| KE-DPA-Data-Subject-Rights-Sections26-Access-Correction-Erasure-Object-Portability-Restriction-30-Days | Kenya DPA Data Subject Rights + Section 26 + Right to be Informed + Access + Correction + Erasure + Object + Restriction + Portability + Automated Decision-Making + 30-Day Response + Free for First Request + Refusal Grounds Limited |
KE DPA Lawful Basis + Notice
| Code | Title |
|---|---|
| KE-DPA-Lawful-Basis-Section30-Consent-Contract-Legal-Vital-Public-Interest-Legitimate-Section29-Notice | Kenya DPA Lawful Basis + Section 30 + Consent + Contract Performance + Legal Obligation + Vital Interests + Public Interest + Legitimate Interests + Section 29 Notice + Express Unequivocal Consent + Withdrawal Right |
KE DPA Registration + ODPC
| Code | Title |
|---|---|
| KE-DPA-Registration-Section18-19-Mandatory-ODPC-Controllers-Processors-Annual-Renewal | Kenya DPA Mandatory Registration with ODPC + Sections 18-19 + Controllers + Processors + Annual Renewal + Registration Categories + Material Change Notification + Exemptions + Public Register |
KE DPA Scope + Application
| Code | Title |
|---|---|
| KE-DPA-Scope-Application-Sections1-3-Act-No-24-2019-8-November-2019-25-November-Effective-Article-31-Constitution-ODPC | Kenya Data Protection Act 2019 Scope + Application + Sections 1-3 + Act No. 24 of 2019 + Assented 8 November 2019 + Effective 25 November 2019 + Article 31 Constitution Right to Privacy + Office of Data Protection Commissioner (ODPC) + GDPR-Aligned + EU Adequacy Candidacy |
KE DPA Sensitive Data + Children
| Code | Title |
|---|---|
| KE-DPA-Sensitive-Personal-Data-Section44-46-Children-Section33-Health-Genetic-Biometric-Religious-Sex-Marital | Kenya DPA Sensitive Personal Data + Sections 44-46 + Children Section 33 + Health + Genetic + Biometric + Religious + Sex Life + Sexual Orientation + Marital Status + Ethnicity + Tribe + Immigration + Family Details + Heightened Consent + Special Conditions |
Your Compliance Coverage
If you comply with Kenya Data Protection Act, you already cover:
| Framework | Coverage | Controls mapped |
|---|---|---|
| Azure Security Benchmark | 25% | 2 |
| Vermont Artificial Intelligence and Consumer Data Act (AICDA) | 25% | 2 |
| Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) | 25% | 2 |

+ 40 more: Privacy Act 1988 (Australia) (25%), Pakistan Personal Data Protection Bill 2023 (25%)
Maps to 43 other frameworks
Frequently Asked Questions
What is Kenya Data Protection Act?
Kenya Data Protection Act is a compliance framework from Kenya with 8 domains and 8 controls. It covers the Kenya Data Protection Act 2019 and the Data Protection (General) Regulations 2021. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Kenya Data Protection Act have?
Kenya Data Protection Act has 8 controls organised across 8 domains. The largest domains are KE DPA Breach Notification (1 control), KE DPA Complaints + Penalties (1 control), and KE DPA Cross-Border + Data Localisation (1 control). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Kenya Data Protection Act map to?
Kenya Data Protection Act maps to 43 other compliance frameworks. The top mapping partners are Azure Security Benchmark (25% coverage), Vermont Artificial Intelligence and Consumer Data Act (AICDA) (25% coverage), Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) (25% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Kenya Data Protection Act compliance?
Start your Kenya Data Protection Act compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Kenya Data Protection Act requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.