Nakuru: The Office of the Data Protection Commissioner (ODPC) has unveiled a training programme for Egerton University employees aimed at equipping them with essential knowledge and skills in data protection. The initiative promotes accountability, transparency, and secure data management in institutions of higher learning.
According to Kenya News Agency, Principal of Egerton University Nakuru Town Campus, Professor George Ogendi, described data protection as a critical global issue. He said the training was designed to align the institution’s senior staff with international standards and safeguard the rights of Kenyans.
Speaking at the inauguration of the four-day programme held at the Njoro main campus, Professor Ogendi, representing Vice Chancellor Professor Isaac Kibwage, emphasised that a proactive approach to data protection supported by clear policies and proper governance structures is vital for safeguarding both staff and student data. He warned of the dangers posed by illegal access to personal data pools by individuals, companies, and government agencies, which are often exploited for blackmail, identity theft, intimidation, targeted advertising, and extortion.
While citing the Data Protection Act of 2019, which provides guidelines for institutions like Egerton University, Professor Ogendi highlighted that the university has developed a draft policy on Data Protection and Security to help operationalise the Act. He stressed that the growing reliance on digital platforms demands a collective effort to understand best practices for data handling, storage, and sharing. He underscored the importance of data protection in maintaining the university’s accountability, integrity, and reputation.
The training initiative comes as the ODPC announced nationwide inspections across sectors to enforce compliance with data protection laws. Training Coordinator Mr Godfrey Murata explained that the programme covers key topics including data privacy laws, cybersecurity protocols, recognising cyber threats, and implementing effective data management strategies.
On June 3, Data Commissioner Ms Immaculate Kassait announced the nationwide inspections to assess how organisations manage personal data and to provide guidance on legal obligations. ODPC is a government institution mandated to regulate the processing of personal data, ensuring the rights of data subjects and defining the obligations of data controllers and processors. It was established under the Data Protection Act of 2019.
Currently, 36 African countries, including Kenya, have Data Protection Acts or regulations, while 16 have signed the African Union Convention on Cyber Security and Personal Data Protection. Mr Murata warned organisations that violations flagged by ODPC could result in enforcement notices, administrative fines, and substantial public relations costs due to negative publicity.
The Data Protection (General) Regulations 2021 and Complaints Handling Regulations took effect on March 14, 2022, while registration of data controllers and processors commenced on July 14, 2022. These regulations provide for data subject rights and limitations on the commercial use of information. They define the roles of data controllers and processors, procedures for reporting data breaches, and rules governing the transfer of data outside Kenya.
Mr Murata noted that data breaches can cause severe financial losses, legal penalties, and reputational damage to organisations. By prioritising data protection, institutions ensure continuity, stability, and build customer loyalty. He further said the training equips employees with knowledge about the ODPC’s mandate and core responsibilities regarding data protection.
