Kenya strengthens data governance with new ODPC strategic plan and Nyeri regional office
Audio By Vocalize
Kenya’s data governance and privacy landscape has taken a step forward with the launch of the Office of the Data Protection Commissioner (ODPC) Strategic Plan 2025–2029 and the opening of a new regional office in Nyeri.
The two developments were announced during an event attended by ICT and digital economy stakeholders, including Data Commissioner Immaculate Kassait and Nyeri County Commissioner Ronald Mwiwawi.
Speaking at the event, Cabinet Secretary for ICT William Kabogo said data protection is essential to public trust in digital systems and national development. He noted that the Nyeri office—ODPC’s eighth regional branch—aims to bring data protection services closer to the public.
He also stressed the importance of integrating privacy into government-led digital infrastructure projects, such as the ongoing rollout of 100,000 kilometers of fibre optic cable and digital hubs across all constituencies.
“When people access government services or use mobile financial platforms, their trust relies on confidence that their personal data is secure,” he said. “That’s why data protection must be embedded by design.”
The ODPC Strategic Plan 2025–2029 outlines three main priorities: strengthening legal and regulatory frameworks, enhancing institutional capacity, and increasing compliance with data protection laws. It includes plans to review the Data Protection Act 2019 to address new risks emerging from technologies like artificial intelligence and blockchain. It also proposes aligning Kenya’s data protection regime with international standards, including seeking an EU adequacy decision to support cross-border digital trade.
The plan introduces regulatory sandboxes to allow controlled testing of new technologies such as AI, blockchain, and the Internet of Things, balancing innovation with data privacy safeguards.
Data Commissioner Kassait emphasised that privacy should be a core part of Kenya’s digital development. She said the strategic plan aims to shift the ODPC’s focus from enforcement alone to building public awareness and institutional accountability.
“We want every Kenyan, regardless of location, to understand their data rights and know that this Office exists to protect them,” she said.
The ODPC reported that under its previous plan, it registered more than 11,000 data controllers and processors, conducted over 100 audits, and resolved 98.5% of complaints. It also issued guidance for various sectors and held public awareness events nationwide.
The new five-year plan is more resource-intensive, with a projected funding requirement of Ksh 12.6 billion. With a current funding gap of Ksh 3.7 billion, the ODPC plans to expand partnerships, increase self-generated revenue, and engage in targeted sector collaborations to meet the shortfall.
CS Kabogo also called for updated regulations to address the growing risks associated with personal data use on social media platforms. He stressed the need for policies that can adapt to rapid digital changes and urged closer collaboration among government institutions and Parliament to support the broader data protection agenda.
Leave a Comment