Elite Designs Kenya Logo

The Data Protection Act & Your Website: A Simple Guide for Kenyan Businesses

Handling customer data on your Kenyan website? This guide simplifies the Data Protection Act, 2019, and explains the key steps you need to take for compliance.

DEDavid Esabwa
The Data Protection Act & Your Website: A Simple Guide for Kenyan Businesses

If your website collects any personal information from visitors—from a simple contact form to e-commerce orders—you are legally required to comply with Kenya's Data Protection Act, 2019. Non-compliance can lead to heavy fines and loss of customer trust. But don't panic; for most small businesses, the core requirements are straightforward.

What is Personal Data?

The Act defines personal data as any information relating to an identified or identifiable person. For a website, this includes:

  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • IP addresses (collected by analytics tools)

Key Compliance Steps for Your Website

1. Have a Clear and Accessible Privacy Policy

This is the most critical step. Your website must have a Privacy Policy page that is easy to find. It must clearly explain in simple language:

  • What data you collect.
  • Why you collect it (e.g., "to respond to your inquiry," "to process your order").
  • How you store it and keep it secure.
  • Whether you share it with any third parties (e.g., a delivery company, an email marketing service).
  • How users can access or delete their data.

2. Get Explicit Consent

You must get clear consent from users before collecting their data. For your website, this means:

  • Having a checkbox on your contact forms that says something like, "I agree to the terms and privacy policy." This checkbox cannot be pre-ticked.
  • For marketing emails, you must get separate, explicit consent to send promotional material (opt-in, not opt-out).

3. Practice Data Minimization

Only collect the data you absolutely need. If you don't need a customer's phone number to answer their email inquiry, don't ask for it on your contact form.

4. Ensure Your Website is Secure

You have a legal duty to protect the data you collect. This means your website must be secure. The most basic step is having an SSL certificate (HTTPS) to encrypt data in transit. Your hosting and website platform must also be secure.

"Compliance with the Data Protection Act is not just a legal obligation; it's a powerful way to build trust with your customers. It shows you respect their privacy."

We Build Compliant Websites

Disclaimer: This article is not legal advice. You should consult with a legal professional for specific guidance on the Data Protection Act.

However, at Elite Designs Kenya, we build websites with compliance in mind. We ensure our forms, security practices, and site structure align with the core principles of data protection, helping you meet your obligations and build a trustworthy online presence. If you have concerns about your current website's compliance, contact us for a review.