Resources/Kenya DPA 2019 Checklist
Free Download

Kenya DPA 2019 Compliance Checklist

A step-by-step guide to every key obligation under the Kenya Data Protection Act 2019. Covers ODPC registration, ROPA, consent, DSR, DPIA, and breach notification - mapped to the relevant DPA sections.

Free download

Kenya DPA 2019 Compliance Checklist

We'll email you the download link. No spam - by submitting you agree to our Privacy Policy.

What's covered

DPA 2019 obligations checklist

Part II / s.25

Data Protection Principles & ROPA

  • Register all processing activities in a Records of Processing (ROPA)
  • Document lawful basis for each processing activity
  • Map data categories, recipients, and retention periods
  • Implement appropriate technical and organisational security measures
Part III

ODPC Registration

  • Determine if you are a data controller or data processor
  • Register with the ODPC (mandatory for all controllers and processors)
  • Appoint a Data Protection Officer (DPO) if required
  • Renew registration annually and update on material changes
ss.26-29

Data Subject Rights

  • Establish a DSR intake portal for access, erasure, portability, and rectification requests
  • Respond within the statutory deadline per request type (7-30 days depending on request type)
  • Implement identity verification proportional to the request
  • Provide privacy notices at point of data collection
s.32

Consent Management

  • Obtain freely given, specific, informed, and unambiguous consent
  • Never use pre-ticked boxes or bundled consent
  • Make withdrawal as easy as opting in
  • Implement parental consent for minors under 18
s.31

Data Protection Impact Assessments

  • Screen all new high-risk processing activities for DPIA requirements
  • Complete the six-step DPIA for processing likely to result in high risk
  • Seek ODPC prior consultation where residual risk remains high
  • Schedule re-assessments when processing activities change
s.43

Breach Management

  • Notify the ODPC within 72 hours of becoming aware of a breach
  • Document all breach details: nature, categories, subject count, consequences
  • Notify affected data subjects when breach is high risk to their rights
  • Maintain an immutable breach register for ODPC inspection

Automate your DPA 2019 compliance checklist

Dira checks these boxes for you - automatically. Consent management, DSR workflows, DPIA wizard, breach timers, and ODPC reports in one platform.

Start free trialBook a demo
30-day free trial No credit card Cancel anytime