42. For the purpose of confirming the existence of appropriate data protection safeguards anticipated under section 49 (1) of the Act and these Regulations, any country or a territory is taken to have such
safeguards if that country or territory has—
(a) ratified the African Union Convention on Cyber Security and Personal Data Protection;
(b) a reciprocal data protection agreement with Kenya; or
(c) a contractual binding corporate rules among a concerned group of undertakings or enterprises.