DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ฐ๐Ÿ‡ช Kenya

DPA KE

Data Protection Act 2019

In short
Kenya's Data Protection Act is closely modeled on the GDPR. Consent is one lawful basis and must be express, unequivocal, free, specific and informed, with stricter conditions for sensitive data and direct marketing.
Region

Kenya

Status

In force since 2019

Group

Asia & Africa

Who must comply

Data controllers and processors established in Kenya, and those abroad that process personal data of data subjects in Kenya.

Penalties

Penalties up to KES 5 million or, for undertakings, up to 1% of annual turnover, whichever is lower.

Key obligations

  • Obtain express, free and specific consent where it is the basis
  • Provide notice of purpose and rights before collection
  • Honor access, rectification, erasure and objection rights
  • Register as a data controller or processor where required
  • Notify the commissioner and affected people of breaches

How ConsentX helps

Express, specific opt-in consent capture

Direct-marketing opt-out controls

Geo-aware banner for Kenyan visitors

Rights request workflow with evidence

Region rule engine tuned for Kenya

Get DPA KE ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with DPA KE using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under DPA KE.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that DPA KE requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a DPA KE audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Kenya's law require opt-in consent?+

Where consent is the lawful basis it must be express, unequivocal, free, specific and informed.

Who enforces Kenya's Data Protection Act?+

The Office of the Data Protection Commissioner, the ODPC, supervises and enforces the Act.

Countries under DPA KE

๐Ÿ‡ฐ๐Ÿ‡ช Kenya

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331