The state of data privacy is a widely discussed topic of conversation. The new EU data protection law is setting Kenya up for the next step towards foreign investment opportunities. In short, these new legal standards will place restrictions on the handling, storing and shareability of personal user data.
Following the announcement on 8 November 2019 that Kenyan President Uhuru Kenyatta signed the European Union General Data Protection Regulation, aligning Kenyan legislation with the EU, great interest was ignited as the new legislation offers more regulated safeguards against the misuse of personal information. Furthermore, it comes with a substantial fine of 3 million Shillings or a two-year jail sentence, should the terms be violated.
Digital-lending apps, in particular, have come under scrutiny for malicious attacks that gain access to smartphone data without consent to determine creditworthiness. With mobile technology and digital apps on the rise, we’ve already started to see resistance from Silicon Valley’s giants like Facebook, WhatsApp and Google, who have been known to collect user data without disclosing their intent or seeking the user’s consent.
It comes as no surprise then that government saw this as an opportunity to hold private companies accountable for how they process customer data, and to bridge the gap, not only in terms of data privacy but also to show potential investors its readiness to comply to regulations, which will better safeguard personal information.
But how much does this impact businesses? Firstly, the regulation outlines how information obtained by firms and government entities should be gathered, used, stored and shared. Therefore, companies who handle personal data need to realign their operations around these guidelines.
Take, for example, an airline operator, who obtains a fair amount of personal passenger information daily, which is shared to process payment. Under the new regulation, it becomes incumbent on the operator to appoint a Data Protection Officer who will be responsible for ensuring that the operator is fully compliant with all aspects of the regulation.
Secondly, it enables global investment. A lack of data protection has hampered efforts to digitalise identity records for citizens in the past. However, with the implementation of the new data protection regulation, investors might be more forthcoming with their investments. The new regulation, therefore, encourages a sense of trust as local entities are held to global practices and a single standard.
In fact, we already see big conglomerates like Amazon announce its plan to set up a part of its Amazon Web Services cloud infrastructure in Kenya, spurred on by the implementation of the new law.
The implementation of the new legislation is of the utmost importance to ensure the growth and trust in emerging technologies like cloud services. This is particularly important with the rise in popularity of big data. With endless amounts of data being collected daily, users can now rest assured that while they might not be aware of what happens with their collected personal data, compliancy laws will safeguard its integrity.
As a data network service provider, we prioritise the security of our clients’ personal data and, therefore, support the new legislation in full. While the impact of the law will take time to come to volition, it’s imperative for businesses operating in this sphere to start preparing in advance.
By Tonny Tugee, SEACOM East North East Africa Managing Director