Introduction
The Kenya ICT Action Network (KICTANet) and Katiba Institute will conduct training on data protection for Civil Society Organisations (CSOs) in Kenya to build their capacity in compliance with Kenya’s Data Protection Act, 2019 and its regulations.
Background and Context
In recent years, there has been a significant shift towards data protection regulations globally, with Kenya enacting the Data Protection Act, 2019 to safeguard individuals’ data. Civil Society Organisations (CSOs) in Kenya are also required to comply with these data protection laws to ensure their lawful handling of the personal data of their stakeholders including staff, volunteers, donors, suppliers, beneficiaries, partners and service providers. Failure to comply with these regulations can lead to penalties and sanctions, highlighting the critical need for capacity building to support Civil Society Organisations (CSOs) in navigating the complexities of compliance with privacy and data protection laws.
KICTANet and Katiba Institute have recognized the importance of equipping Civil Society Organisations (CSOs) with the necessary knowledge and skills to comply with the Data Protection Act, 2019 and related policy and legal frameworks. KICTANet, with its expertise in digital resilience and technology support, and Katiba Institute, focusing on strategic litigation, are well-positioned to collaborate in developing a comprehensive training program tailored for Civil Society Organisations (CSOs) in Kenya. The aim is to empower Civil Society Organisations (CSOs) to understand, implement, and adhere to the provisions of the Data Protection Act while ensuring they handle personal data lawfully and ethically.
Proposed Activities
- Training Sessions: Conduct interactive and engaging training sessions on data protection compliance tailored for Civil Society Organisations (CSOs) in Kenya.
- Compliance Assessments: Offer assessments to identify gaps in data protection practices within Civil Society Organisations (CSOs) and provide recommendations for improvement.
- Registration Support: Guide Civil Society Organisations (CSOs) in the application process to obtain certification from the Office of the Data Protection Commission.
Objectives
- Raise Awareness: Increase awareness among Civil Society Organisations (CSOs) in Kenya about the importance of data protection and the legal obligations under the Data Protection Act.
- Build Capacity: Provide Civil Society Organisations (CSOs) with the necessary knowledge and skills to effectively handle personal data, ensuring compliance with data protection regulations.
- Facilitate Compliance: Assist Civil Society Organisations (CSOs) in understanding and implementing the key provisions of the Data Protection Act, including data collection, storage, sharing, and security measures.
- Empower Civil Society Organisations (CSOs): Empower Civil Society Organisations (CSOs) to establish robust data protection policies, procedures, and practices to safeguard personal data and enhance trust with stakeholders.
Expected Outcomes
- Enhanced understanding of data protection laws among Civil Society Organisations (CSOs).
- Improved data handling practices and compliance with the Data Protection Act.
- Strengthened data protection policies and procedures within Civil Society Organisations (CSOs).
- Increased trust and credibility of Civil Society Organisations (CSOs) through ethical data management practices.
Roles of KICTANet
- Provide trainers
- Provide course for the training
Roles of Katiba Institute
- Partner with KICTANet in the development of the program and facilitation
- Partner in the mobilization of the participants
Roles of Ford Foundation
- Provide a list of participants
Format of the Event
A practical physical two-day workshop, where attendees will have the opportunity to engage in discussions, ask questions, and receive personalized feedback from the trainers. This will be held at a venue in Nairobi, Kenya.
Attendees
The participants will include 45 representatives drawn from relevant local Civil Society Organisations (CSOs).
About the Organizers
The Kenya ICT Action Network (KICTANet) is a policy think tank that acts as a multi-stakeholder ICT policy and regulation platform. KICTANet’s guiding philosophy encourages synergies for ICT policy-related activities and initiatives. The network provides mechanisms and a framework for continuing cooperation and collaboration in ICT matters among industry technical community, academia, media, development partners, and Government.
Katiba Institute (KI) is a Kenyan nonprofit organization formed in 2011 to promote knowledge and understanding of Kenya’s Constitution and constitutionalism and to defend and facilitate the implementation of the Constitution.
Privacy and Data Protection Compliance Training for Civil Society Organisations (CSOs)
Date: 30 – 31 July, 2024 | Venue: TBC
Registration link:
Agenda – Day 1
| Time | Agenda | Moderator |
|---|---|---|
| 08:00 – 08:30 | Arrival and Registration | |
| 08:30 – 08:45 | Opening and Welcome Remarks
KICTANet Katiba institute Ford Foundation |
KICTANet |
| 08:45 – 9:00 | Agenda Setting and Objectives | KICTANet |
| 09:00 – 10:30 | Privacy: Key Concepts, Historical Context and Importance of Privacy and Data Protection for Civil Society Organisations | Victor Kapiyo, KICTANet |
| 10:30 – 10:45 | Tea Break | |
| 10:45 – 11:45 | Overview of the Policy and Legal Framework (Constitution, Data Protection Act 2019 and Relevant Laws and International Instruments) | Katiba |
| 11:45 – 13:00 | Regulatory Compliance and Enforcement of the DPA (Role of ODPC, Penalties, and Best Practices) | ODPC |
| 13:00 – 14:00 | Lunch Break | |
| 14:00 – 15:00 | Data Protection Principles | Cherie Oyier, KICTANet |
| 15:00 – 16:00 | Data Subjects Rights | Katiba |
| 16:00 – 16:15 | END of Day 1 | |
Agenda – Day 2
| Time | Agenda | |
|---|---|---|
| 08:00 – 08:30 | Arrival and Registration | |
| 08:30 – 08:45 | Recap of Day 1 | Jacinta Wothaya |
| 08:45 – 9:45 | Building a Data Protection Organizational Culture – Staff training, Policies, Monitoring, and Audit Practices) | Tevin Mwenda |
| 09:45 – 10:45 | Roles and Responsibilities of the Data Protection Officer | Rosemary Kimwatu |
| 10:45 – 11:00 | Tea Break | |
| 11:00 – 12:00 | Data Protection Impact Assessment, Risk Management and Compliance Assessments | John Walubengo |
| 12:30 – 13:00 | Data Security and Breach Management (Security measures, incident response and notification) | Jacinta Wothaya |
| 13:00 – 14:00 | Lunch Break | |
| 14:00 – 15:00 | Group Exercise and case study review | KICTANet/Katiba |
| 15:00 – 16:00 | Group presentations | KICTANet/Katiba |
| 16:00 – 16:15 | Monitoring, evaluation, and next steps | |
| 16:15 – 16:30 | Closing Session | |
| 16:30 – | Tea Break | |
