Use Visitor Management Systems to comply with provisions of the Kenya Data Protection Act (DPA)
Kenya recently enacted a data privacy and protection law, the Data Protection Act of 2019 (the DPA). The DPA gives effect to Articles 31(c) and (d) of the Constitution of Kenya which guarantee the right of every person not to have what is considered private information particularly personally Identifiable information (PII) unnecessarily required or revealed” and the right not to have “the privacy of their communications infringed”.
The DPA establishes the office of a Data Protection Commissioner, which will oversee the implementation of and be responsible for the enforcement of the legislation. The statute adopts global data protection principles (such as those contained in EU’s GDPR) on the basis of which personal data is to be collected, processed, stored and/or transferred.
The new legislation also sets out the rights of data subjects and obligations of data controllers, data processors and third parties who handle personal data. Overall, the DPA will usher in a robust legal and institutional mechanism for the protection of personal data, will have far-reaching implications on how personal data is handled and introduces stiff penalties for breach of its provisions. Organizations will need to review their data management practices to assure compliance with the law. One clearly overlooked process where a lot of personal data is collected is in the visitor management processes. A large number of organizations used paper based visitor sign in books.
Do you currently use a paper sign in book?
Visitor details are visible to other visitors simply by scanning the book. This is obviously a significant problem with the introduction of the DPA as it is very hard to guarantee the privacy of visitor data if you use a paper sign in book.
If your organization uses a paper visitor sign in book, data duplication can also be a problem as visitor details can also be added into CRM’s, onto spreadsheets and a multitude of other systems. This will make it a difficult and laborious process to ensure visitor data can be deleted on request.
With these significant risks and time consuming administrative practices paper sign in books should be a serious concern and using alternative visitor management practices would be highly recommended.
The law has more provisions on the management and storage of data, requirement for consent/informed decision among others. We will be happy to further discuss with our customer and walk together in the journey towards full compliance with the Act.
SOJA can help you improve your visitor management processes, help your staff and offer the tools needed to help you maintain safety, security and data privacy compliance.