Here is the honest situation. Kenya's Data Protection Act, enforced by the Office of the Data Protection Commissioner, is a GDPR-style law: the data protection principles, a lawful basis, privacy notices, data subject rights, protection for sensitive and children's data, registration of controllers and processors above thresholds, DPIAs, appropriate security, breach notification within 72 hours where feasible, and cross-border transfer conditions with local-storage rules for some data. It also reaches organizations abroad processing the data of people in Kenya. An organization that assumes it is out of scope, or has not registered, is exactly where organizations fall short.
This Kit removes the guesswork. It is the DPA written as adopt-ready controls you personalize in a weekend, with the evidence the Data Commissioner examines.
What you get, the moment you buy
Grounded in Kenya's Data Protection Act, with the principles, lawful basis, privacy notices, data subject rights, sensitive and children's data, registration, DPIAs, security, the 72-hour breach notification and cross-border transfers called out. Editable Word and Excel files.
What one control looks like
This is confirming how the DPA applies, where scope begins. All 18 are built to this depth.
Why this is not another template pack
- The evidence is the point. An obligation you cannot evidence is an enforcement risk. This tells you what the Data Commissioner examines and where organizations fall short, for every obligation.
- Registration, rights and 72-hour breach built in. Registration, data subject rights and the 72-hour breach notification are written into the controls, the substance the DPA requires.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. The DPA shares its shape with the GDPR and other African privacy laws, so this work feeds your regional privacy program.
Who buys this
Organizations processing personal data of people in Kenya and their privacy, legal and security leads. Whether it is a first alignment or a readiness pass, you save weeks and walk in with registration, rights and breach process structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Does it cover registration? Yes. Determining and completing registration with the Office of the Data Protection Commissioner is built as a control.
Does it cover the 72-hour breach rule? Yes. Notifying the Data Commissioner within 72 hours where feasible is built as a control.
Is this legal advice? No. It is an implementation toolkit grounded in the DPA. For a specific matter consult counsel; this gets your controls and evidence in order fast.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com