Full KDPA compliance engagement
Most Kenyan businesses think KDPA compliance is just a form you file. It's not. The ODPC is actively enforcing. Fines are real. And the gap between "we collect data" and "we're compliant" is bigger than most businesses realise. De4sec closes that gap.
ODPC enforcement is active from 2023. Fines for non-compliance can reach KES 3 million or 1% of annual turnover. Data breaches without proper protocols attract criminal liability.
โData mapping audit โ what personal data you collect and where
โGap analysis against KDPA requirements
โODPC registration support โ Data Controller/Processor registration
โPrivacy Policy and Data Processing Agreement drafting
โData retention and deletion policy implementation
โStaff training โ what counts as personal data and how to handle it
โTechnical controls โ encryption, access controls, audit logging
โBreach response plan and 72-hour ODPC notification process
โOngoing compliance monitoring
Who needs KDPA compliance?
โAny business collecting customer information
โHealthcare providers โ patient data
โHotels collecting guest details
โRetailers with loyalty programmes
โOnline businesses handling Kenyan user data
โCompanies processing M-Pesa transaction data
โAny business with employees in Kenya
Engagement model
โOne-time audit + implementation โ fixed fee
โOngoing annual review โ retainer
โODPC renewal support โ included in retainer
