Cyber Security, Privacy & Data Protection
We also offer legal advisory services in relation to privacy and data protection under the Kenyan Data Protection Act, 2019 as well as legal instruments like EU General Data Protection Regulation (GDPR), which is a benchmark for data protection. In addition, there are other legislations, which apply to data protection and privacy including the Consumer Protection Act, the Media Act and the Kenya Information and Communications Act.
The Kenyan Data Protection Act, which was enacted on 8th November 2019, applies to data controllers and processors established or resident in or outside Kenya in so far as they process personal data while in Kenya or of data subjects located in Kenya.
This law was enacted in accordance with the requirements of Article 31(c) and (d) of the Constitution of Kenya. Therefore, data protection and privacy have a constitutional underpinning.
At CM Advocates, our practice in cybersecurity, privacy and data protection focuses on internet sectors, e-Commerce and intellectual property, regulated industries (like telecom, financial, pharmaceutical, advertisement and gaming sectors) as well as public entities. We have expertise on contentious matters like data protection law-related claims of the individuals affected (such as employees’ information claims) and data breaches as well as non-contentious matters including data protection contracts, cybersecurity and data management advisory, data protection audits and compliance projects. In addition to assisting clients in their response to regulator investigations, we advise on class action lawsuits and other claims that arise out of privacy violations and security breaches. In collaboration with our other teams, we also counsel clients on crosscutting issues including on labour and employment, consumer protection, competition law and product-based liability.
We can advise our clients at each stage of the data lifecycle. At the first stage, we help our clients assess and reduce their privacy and security risks and comply with applicable laws. When developing new products and services or during marketing stage, we assist clients by advising on privacy and security at the outset to maximize the effectiveness of their offerings and avoid legal and regulatory pitfalls. We advise clients on complex issues associated with both personal and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction. We guide and advise clients on legal compliance and business strategy relating to privacy and security risk management, cybersecurity and technology transactions.
Our areas of work include:
- Strategic regulatory compliance advice;
- Vendor management program development and implementation;
- Cybersecurity and privacy contract development and negotiation;
- Data protection programs development;
- Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation;
- Cyber risk management and incident response;
- Privacy policies for organizations and their websites and mobile privacy issues;
- M&A and technology transactions;
- Data security, privacy and technology regulatory response and litigation;
- Regulatory investigations by sector-specific regulators;
- Cross-border data flow requirements and solutions.
Get in Touch
Call 0716 209 673 or
Send us a Message
Related Articles
Legal Boundaries of Data Commissioner’s Enforcement Powers
In a landmark judgment Metropolis Star Lab Kenya Ltd v Kioko & another (Civil Appeal E1140 of 2024) ...Read more
Key Clauses to Include an A Software Licensing Agreement
The agreement defines and protects the rights of the parties involved in a clear and concise manner ...Read more
This is Why You Need a Software Licensing Agreement
Contracts, in general, seek to provide a level of clarity and certainty on the underlying arrangemen...Read more
Registration of Data Controllers and Data Processors
The Data Protection Act (DPA) came into force in 2019, introducing an entire regime of protecting pe...Read more
Security of Personal Data: Lessons from the Huduma Number Court Decision
In the world we live in today, data has become quite a crucial commodity with immeasurable capabilit...Read more
Data Protection in M&A What You Need to Know
Any context requiring or necessitating the use of personal data requires taking steps to comply with...Read more
Notification of Data Breach
One of the distinct changes made to the way we handle and perceive personal data relates to respondi...Read more
Data Security Today
Technology has so strongly been synced to our everyday lives and as a result, data security is both ...Read more
Data Subject - What you need to know
The Data Protection Act, No. 24 of 2019 (the DPA), introduced various concepts and principles aimed ...Read more
Who is a Data Controller or a Data Processor?
The Data Protection Act, No. 24 of 2019 (the DPA), introduced various concepts and principles aimed ...Read more
The Data Protection Act: A Series
The Data Protection Act, No. 24 of 2019 (the DPA) was enacted into law on 11 November 2019 through G...Read more
What you need to know about the Data Protection Act, 2019
For a long time, Kenya has lacked a comprehensive personal data protection legislation which has bee...Read more
Our Legal Experts
Meet the specialized professionals in our Cyber Security, Privacy & Data Protection unit
Contact Us to Request a Consultation
×Call us on +254 716 209 673
Or email us on law@cmadvocates.com
NEED SOME HELP?
- I'M LOOKING FOR SOMEONE
-
I NEED INFORMATION ON A SPECIFIC AREA
ABCDEFIMPRST
- I WANT TO CONTACT YOU
- MAKE A PAYMENT
- SUBSCRIBE TO NEWSLETTER
IF IT'S URGENT, PLEASE
CALL +254 716 209 673