On 8th November 2019, the President of the Republic of Kenya H.E Uhuru Kenyatta assented to the Data Protection Bill, ushering Kenya into a substantive Data Protection Act,2019 (the “Act”). The commencement date for the Act is 25th November 2019.

It has been a long time coming for the implementation of the right to privacy as guaranteed in the Constitution of Kenya 2010. The Act gives effect to Article 31(c) and (d) of the Constitution: the right not to have information relating to family or private affairs unnecessarily required or revealed as well as the right not to have the privacy of their communications infringed. 

After several attempts with various Data Protection Bills in 2011, 2013, 2014 and 2016, 2018 (Senate Bill) and the recently enacted 2019 (National Assembly Bill). The Data Protection Act 2019 is significantly different from the first data protection bill of 2011 and in many ways a much better legislation that we would have gotten in the past. It borrows heavily from the EU General Data Protection Regulations and is expected to usher Kenya into a new compliance framework for businesses. This enhanced compliance in both public and private sector is expected to attract and increase foreign direct investment in Kenya. It will be interesting to monitor the impact of this new law on business bottom lines as well as foreign investment.