Privacy and Data Protection Compliance Training for Civil Society Organisations (CSOs)

Introduction

The Kenya ICT Action Network (KICTANet) and Katiba Institute will conduct training on data protection for Civil Society Organisations (CSOs) in Kenya to build their capacity in compliance with Kenya’s Data Protection Act, 2019 and its regulations. 

Background and Context

In recent years, there has been a significant shift towards data protection regulations globally, with Kenya enacting the Data Protection Act, 2019 to safeguard individuals’ data. Civil Society Organisations (CSOs) in Kenya are also required to comply with these data protection laws to ensure their lawful handling of the personal data of their stakeholders including staff, volunteers, donors, suppliers, beneficiaries, partners and service providers. Failure to comply with these regulations can lead to penalties and sanctions, highlighting the critical need for capacity building to support Civil Society Organisations (CSOs) in navigating the complexities of compliance with privacy and data protection laws.

KICTANet and Katiba Institute have recognized the importance of equipping Civil Society Organisations (CSOs) with the necessary knowledge and skills to comply with the Data Protection Act, 2019 and related policy and legal frameworks. KICTANet, with its expertise in digital resilience and technology support, and Katiba Institute, focusing on strategic litigation, are well-positioned to collaborate in developing a comprehensive training program tailored for Civil Society Organisations (CSOs) in Kenya. The aim is to empower Civil Society Organisations (CSOs) to understand, implement, and adhere to the provisions of the Data Protection Act while ensuring they handle personal data lawfully and ethically.

Proposed Activities

  • Training Sessions: Conduct interactive and engaging training sessions on data protection compliance tailored for Civil Society Organisations (CSOs) in Kenya.
  • Compliance Assessments: Offer assessments to identify gaps in data protection practices within Civil Society Organisations (CSOs) and provide recommendations for improvement.
  • Registration Support: Guide Civil Society Organisations (CSOs) in the application process to obtain certification from the Office of the Data Protection Commission.

Objectives

  • Raise Awareness: Increase awareness among Civil Society Organisations (CSOs) in Kenya about the importance of data protection and the legal obligations under the Data Protection Act.
  • Build Capacity: Provide Civil Society Organisations (CSOs) with the necessary knowledge and skills to effectively handle personal data, ensuring compliance with data protection regulations.
  • Facilitate Compliance: Assist Civil Society Organisations (CSOs) in understanding and implementing the key provisions of the Data Protection Act, including data collection, storage, sharing, and security measures.
  • Empower Civil Society Organisations (CSOs): Empower Civil Society Organisations (CSOs) to establish robust data protection policies, procedures, and practices to safeguard personal data and enhance trust with stakeholders.

Expected Outcomes

  • Enhanced understanding of data protection laws among Civil Society Organisations (CSOs).
  • Improved data handling practices and compliance with the Data Protection Act.
  • Strengthened data protection policies and procedures within Civil Society Organisations (CSOs).
  • Increased trust and credibility of Civil Society Organisations (CSOs) through ethical data management practices.

Roles of KICTANet

  1. Provide trainers
  2. Provide course for the training

Roles of Katiba Institute

  1. Partner with KICTANet in the development of the program and facilitation
  2. Partner in the mobilization of the participants

Roles of Ford Foundation

  1. Provide a list of participants

Format of the Event

A practical physical two-day workshop, where attendees will have the opportunity to engage in discussions, ask questions, and receive personalized feedback from the trainers. This will be held at a venue in Nairobi, Kenya.

Attendees

The participants will include 45 representatives drawn from relevant local Civil Society Organisations (CSOs).

About the Organizers

The Kenya ICT Action Network (KICTANet) is a policy think tank that acts as a multi-stakeholder ICT policy and regulation platform. KICTANet’s guiding philosophy encourages synergies for ICT policy-related activities and initiatives. The network provides mechanisms and a framework for continuing cooperation and collaboration in ICT matters among industry technical community, academia, media, development partners, and Government.

Katiba Institute (KI) is a Kenyan nonprofit organization formed in 2011 to promote knowledge and understanding of Kenya’s Constitution and constitutionalism and to defend and facilitate the implementation of the Constitution.

Privacy and Data Protection Compliance Training for Civil Society Organisations (CSOs)

Date: 30 – 31 July, 2024 | Venue: TBC
Registration link: 

 

Agenda – Day 1

Time Agenda Moderator
08:00 – 08:30 Arrival and Registration
08:30 – 08:45 Opening and Welcome Remarks

KICTANet

Katiba institute

Ford Foundation

KICTANet
08:45 – 9:00 Agenda Setting and Objectives KICTANet
09:00 – 10:30 Privacy: Key Concepts, Historical Context and Importance of Privacy and Data Protection for Civil Society Organisations Victor Kapiyo, KICTANet
10:30 – 10:45 Tea Break
10:45 – 11:45 Overview of the Policy and Legal Framework (Constitution, Data Protection Act 2019 and Relevant Laws and International Instruments) Katiba
11:45 – 13:00 Regulatory Compliance and Enforcement of the DPA (Role of ODPC, Penalties, and Best Practices) ODPC
13:00 – 14:00 Lunch Break
14:00 – 15:00 Data Protection Principles Cherie Oyier, KICTANet
15:00 – 16:00 Data Subjects Rights Katiba
16:00 – 16:15 END of Day 1

Agenda – Day 2

Time Agenda
08:00 – 08:30 Arrival and Registration
08:30 – 08:45 Recap of Day 1 Jacinta Wothaya
08:45 – 9:45 Building a Data Protection Organizational Culture – Staff training, Policies, Monitoring, and Audit Practices) Tevin Mwenda
09:45 – 10:45 Roles and Responsibilities of the Data Protection Officer Rosemary Kimwatu
10:45 – 11:00 Tea Break
11:00 – 12:00 Data Protection Impact Assessment, Risk Management and Compliance Assessments John Walubengo
12:30 – 13:00 Data Security and Breach Management (Security measures, incident response and notification)  Jacinta Wothaya
13:00 – 14:00 Lunch Break
14:00 – 15:00 Group Exercise and case study review KICTANet/Katiba
15:00 – 16:00 Group presentations KICTANet/Katiba
16:00 – 16:15 Monitoring, evaluation, and next steps
16:15 – 16:30 Closing Session 
16:30 –  Tea Break 

 

Loading