Cybersecurity, Privacy, and Data Protection

Ensuring Comprehensive Data Protection Compliance

At KK WAWERU Advocates LLP, we offer extensive legal advisory services related to privacy and data
protection under the Kenyan Data Protection Act, 2019, as well as international frameworks like the EU
General Data Protection Regulation (GDPR). Additional relevant legislation includes the Consumer
Protection Act, Media Act, and Kenya Information and Communications Act.

Understanding the Kenyan Data Protection Act

Enacted on 8th November 2019, the Kenyan Data Protection Act applies to data controllers and processors
both within and outside Kenya, provided they handle personal data of individuals located in Kenya. This
law is rooted in the constitutional right to privacy as outlined in Article 31(c) and (d) of the Kenyan
Constitution.

Our Expertise

Our practice focuses on cybersecurity, privacy, and data protection across various sectors, including
internet services, e-commerce, intellectual property, and regulated industries like telecom, finance,
pharmaceuticals, advertising, and gaming. We handle both contentious and non-contentious matters,
such as data protection claims, data breaches, advisory on data protection contracts, cybersecurity, data
management, audits, and compliance projects.

 
Client Support at Every Stage of the Data Lifecycle

We assist clients in managing privacy and security risks from the initial assessment stage through to
compliance with applicable laws. During product development and marketing stages, we provide guidance
to ensure privacy and security are integrated to enhance effectiveness and avoid legal pitfalls.

Comprehensive Services

Our services cover a wide range of areas, including:

• Strategic Regulatory Compliance Advice – Ensuring compliance with data protection laws and
regulations.
• Vendor Management Program Development – Creating and implementing vendor management
programs.
• Cybersecurity and Privacy Contracts – Developing and negotiating contracts related to
cybersecurity and privacy.
• Data Protection Program Development – Establishing comprehensive data protection programs.
• Audits and Compliance – Conducting data protection, privacy, and cybersecurity audits,
compliance risk assessments, and remediation.
• Cyber Risk Management – Providing strategies for managing cyber risks and responding to
incidents.
• Privacy Policies – Crafting privacy policies for organizations, websites, and mobile applications.
• M&A and Technology Transactions: Advising on data privacy and cybersecurity in mergers,
acquisitions, and technology transactions.
• Regulatory Response and Litigation – Handling responses to regulatory investigations and
litigation related to data security, privacy, and technology.
• Cross-Border Data Flow – Advising on requirements and solutions for international data transfers.