By Jabali Media
Kenyans have been urged to frequently report the misuse of personal data, so that relevant action may be taken against the culprits.
According to the Office of the Data Protection Commissioner (ODPC), members of the public must exercise their rights as outlined in data protection laws, so as to guard against misuse by organizations.
Data Commissioner Immaculate Kassait says that reporting cases of data misuse will enable the ODPC to investigate within 90 days, leading to determinations that provide legal recourse, enhance transparency, and promote accountability in safeguarding individuals' rights and interests.
Complaints, she said, can be lodged online through the ODPC website or in person at ODPC offices in Nairobi, Kisumu, Mombasa, Eldoret, Machakos, Nyeri and Nakuru.
“It is important for individuals to file complaints with us as it sets the stage for investigations. By doing so, the ODPC will ensure that your rights are respected, giving you control over your personal information and establishing a framework for accountability and transparency in data processing activities,” she stated.
Kassait made the remarks during a national data protection advocacy program, seeking to educate the public about their rights under data protection laws.
The sensitization forum was held in Kisumu on Tuesday, having been held in Kisii, Nyeri, Molo, and Oloitoktok towns.
The Data Commissioner highlighted the importance of raising awareness across the country, to empower individuals in protecting their privacy and fostering a culture of compliance with individual rights.
“Take control of your data and avoid negligence in sharing personal information,” she insisted.
As of March, 2025, the Office had received 7,128 complaints and issued determinations on 215 cases.
Among these, penalties have been imposed on 10 entities, while 103 compensations have been issued.
Thirty-nine other cases have been resolved through Alternative Dispute Resolution (ADR) mechanisms.
The Office of the Data Protection Commissioner was established in November 2020, pursuant to the Data Protection Act, 2019, to regulate the processing of personal data.
