How Kenya’s Data Commission Clamped Down On 40 Digital Lenders

After receiving over a thousand complaints, including one regarding a violation of data privacy, Kenya’s Office of the Data Protection Commissioner (ODPC) has announced that it intends to conduct audits of forty digital lenders in the country.

“The Data Protection (complaints handling and enforcement procedures) regulations, 2021, took effect on February 2022 paving the way for data subjects to file complaints and report data breaches to the Data Commissioner. As of 30th September 2022, ODPC had received 1,030 complaints. The office admitted 555 of these cases, including 299 which were on digital lenders, representing 54 percent of all cases admitted,” a statement from the commission reads. 

The Central Bank of Kenya published a list of 10 digital lenders that were granted permission to operate late last month. Other service providers, the applications for which are still being reviewed, have been granted permission to continue business as usual; however, those service providers who did not submit an application will not be authorised to provide credit.

Read also Kenya’s Purple Elephant Ventures gets $1M pre-seedfunding

However, according to those who have filed complaints, some operators are still continuing to provide credit despite this.

Data Commissioner Immaculate Kassait
Data Commissioner Immaculate Kassait

“This is just one among many other complaints being investigated by the office. We want to assure the public that the complaints received will be investigated and concluded accordingly. All aggrieved members of the public are encouraged to continue sending their complaints,” Data Commissioner Immaculate Kassait said.

The Commission said in September that it had received 1,660 applications for Data Controllers and Processors who are required to register with the authority. These applicants must comply with the registration requirements.

Read also Nigeria Strengthens Data Protection Policy, Warns Against Unauthorized Access

Banks, corporations, and other types of organisations are examples of the kind of entities that are considered data controllers and processors because they deal with and process personal data. It guarantees that they are in possession of a licence that allows them to process personal data in accordance with the Data Protection Act of 2019.

Digital lenders Kenya Digital lenders Kenya

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer, who has several years of experience working in Africa’s burgeoning tech startup industry. He has closed multi-million dollar deals bordering on venture capital, private equity, intellectual property (trademark, patent or design, etc.), mergers and acquisitions, in countries such as in the Delaware, New York, UK, Singapore, British Virgin Islands, South Africa, Nigeria etc. He’s also a corporate governance and cross-border data privacy and tax expert. 
As an award-winning writer and researcher, he is passionate about telling the African startup story, and is one of the continent’s pioneers in this regard. You can book a session and speak with him using the link: https://insightsbyexperts.com/view_expert/charles-rapulu-udoh