Kenyan Schools & Hospitals Must Register with ODPC – Here’s How to Stay Compliant
As schools and hospitals in Kenya handle significant volumes of personal and sensitive data, compliance with the Data Protection Act, 2019, is no longer optional. The Office of the Data Protection Commissioner (ODPC) requires all institutions processing such data to register to ensure accountability, transparency, and security in data handling practices. In this regard the ODPC has issued the following guidance note to guide schools and health institutions in registering as Data Controller and Processors.(i) ODPC Guidance Note on the Processing of Health Data
- (ii) ODPC Guidance Note for the Education Sector.
Why Register with the ODPC?
For schools, student records containing personal information like names, identification numbers, and academic performance must be protected. Similarly, hospitals process sensitive health information and must ensure data privacy. Registration with the ODPC demonstrates compliance with the law, builds trust with stakeholders, and protects institutions from potential legal penalties and reputational harm.
The Registration Process
The ODPC registration involves:
- Submittinginstitutionaldetails(e.g.,legalname,sector,contactinformation).
- Declaringthetypesofpersonalandsensitivedataprocessed.
- Providingdetailsofdataprotectionmeasures,riskassessments,andcross-borderdata transfers (if applicable).
- Payingtheapplicableregistrationfeesbasedonturnoverandworkforcesize.
Upon successful registration, institutions receive a certificate of registration as Data Controller and Data Processor valid for two years, which must be renewed to maintain compliance at the end of each period.
Why Act Now?
The Kenya Medical Practitioners and Dentists Council (KMPDC) has already issued a compliance deadline of March 31, 2025, for hospitals. Schools are also required to register promptly under the Data Protection Act to avoid legal and financial consequences.
How We Can Help
Navigating the ODPC registration process can be complex, but that’s where we come in. Our law firm specializes in data protection compliance, offering tailored solutions for schools and hospitals, including:
- Assessing data handling practices and identifying risks.
- Guiding institutions through the ODPC registration process.
- Ensuring compliance with all data protection requirements.Let us help your institution stay ahead by ensuring full compliance with the law.
For more insights pertaining to this matter, you can email us on info@mmsadvocates.co.ke. You can also find us at MMS Advocates, Lower Duplex Apartments, Lower Hill Road.
Written By Jean-Marie.