Office of the Data Protection Commissioner (ODPC) has issued three Penalty Notices to Data Controllers found in violation of data privacy rights taht amounts to Ksh 9,375,000
Mulla Pride Ltd, a Digital Credit Provider operating KeCredit and Faircash mobile lending Apps, has been slapped with a substantial penalty of KES 2,975,000.
The company was found guilty of utilizing personal information, including names and contact details of complainants, obtained from third parties, to send threatening messages and make unsolicited phone calls.
This enforcement action serves as a reminder to digital lenders and financial institutions to respect data subjects’ rights by notifying them when collecting and processing their data and obtaining their consent.
In another case, Casa Vera Lounge, a popular restaurant located along Ngong Road in Nairobi, has been fined KES 1,850,000 for posting a customer’s image on their social media platform without obtaining the necessary consent.
The third and most substantial fine of KES 4,550,000 was imposed on Roma School, an educational institution in Uthiru. The school was penalized for posting pictures of minors without the consent of their parents or guardians.
These penalties have been issued under Sections 62 and 63 of the Data Protection Act, 2019 (Act), and Regulations 20 and 31 of the Data Protection (Complaint Handling Procedure and Enforcement) Regulations, 2021.
Data Commissioner Immaculate Kassait emphasized the importance of complying with the Data Protection Act and implementing data protection principles and safeguards. She warned that failure to comply with the Act would result in enforcement procedures being initiated.
Kassait also announced that the ODPC had conducted a compliance audit on WhitePath, a digital credit provider, and had conducted an inspection of Naivas Supermarkets regarding a recent data breach.
Subscribe to Switch TV
The findings of these investigations will be shared with the respective Data Controllers for prompt action.
Additionally, the ODPC is set to conduct forty compliance audits on various Data Controllers and Processors across different sectors during this Financial Year.