The Kenyan government introduced a new data protection law that came into effect in September 2019. The law protects the personal data of Kenyan citizens and residents and sets out strict rules about how data must be collected, used, and disclosed.

Under the new law, data controllers (those who collect and process personal data) must take steps to ensure that data is collected accurately and lawfully and that it is only used for the purposes for which it was intended.

Data controllers must also provide individuals with access to their personal data, and allow them to request corrections if necessary. The law also gives individuals the right to complain if they believe their rights have been violated.

The Kenya Data Protection Act also regulates the processing of personal data by public bodies and sets out a number of offenses relating to data protection.

The Kenya Data Protection Act applies to all processing of personal data, including the storage, use, disclosure, and destruction of that data. Personal data is any information related to an identified or identifiable individual.

The introduction of this law is a positive step for data protection in Kenya. However, there are still some concerns about how it will be enforced, and whether data controllers will be able to comply with all of the requirements.