42—Deeming of appropriate safeguards

42. For the purpose of confirming the existence of appropriate data protection safeguards anticipated under section 49 (1) of the Act and these Regulations, any country or a territory is taken to have such

safeguards if that country or territory has—

(a)  ratified the African Union Convention on Cyber Security and Personal Data Protection;

(b)  a reciprocal data protection agreement with Kenya; or

(c)  a contractual binding corporate rules among a concerned group of undertakings or enterprises.

103  PART VII—TRANSFER OF PERSONAL DATA OUTSIDE KENYA