Speaking when she formally made the announcement, Digital Jewels Founder and CEO Ms. Adedoyin Odunfa said that after its 15-country geographical footprint, Kenya presented an opportunity to forge partnerships with like-minded organizations that are keen to drive the African narrative on data protection and information security.
“We are at a great place currently to begin deploying best practice standards in data protection such as the ISO 27701 that have been specifically designed to elevate the degree of security placed on the data held within our various institutions,” she noted, adding that while there is no specific deadline for registration of Kenyan organizations with the Data Protection Commission, it is important to match the pace of other countries in the East African region such as Rwanda to achieve high rates of compliance.
The firm’s entry into Kenya, said Odunfa, is a critical moment in the journey of various organizations to comply with national, regional and global data protection laws, which place a high premium on the control of data flows, and which are in turn crucial in facilitating international trade. With the government having ratified the African Continental Free Trade Area (AfCFTA), the collection, storage and sharing of data has become a central consideration between trading companies and countries.
In making the Kenyan foray, Digital Jewels has partnered with Serianu, a pioneering cyber security data protection consultancy firm where the two will collectively provide complementary offerings.
“We expect Serianu’s partnership with Digital Jewels to deliver a robust approach for data protection and processes, governance frameworks and technology” said Serianu CEO William Makatiani.
He pointed out that data protection had evolved into a much bigger issue for organizations as they increasingly adopt the use of technology across the entire spectrum of their operations. Noting that there was great progress in creating awareness in the country, Makatiani explained that it is now time to implement the technology, policies and processes that are necessary for data protection.
Echoing his remarks, Data Commissioner Immaculate Kassait stated that the Commission was keen to support and enhance self-regulation, with a plan to roll out an accreditation program for third-party organizations which will be involved in auditing and enforcing compliance with the Data Act.
“We see self-regulation as a key pillar of deepening compliance with data protection as we believe it begins with governance at the institutional level,” said Ms. Kassait.
In order to facilitate this process, the office of the data protection commissioner has developed a set of guidelines for various sectors including fintech and health, that will soon be subjected to public participation.