Kenya Rights Guide

Your Data Privacy Rights in Kenya — Data Protection Act 2019

Kenya's Data Protection Act 2019 gives you the right to know how your data is used, to correct it, and to have it deleted. Violations can be reported to the Office of the Data Protection Commissioner.

Free Kenya Law 3 related guides

Direct Answer

The Data Protection Act 2019 gives every Kenyan the right to access their personal data held by any organisation, to correct inaccurate data, to object to its processing, and to have it deleted. Organisations that misuse or share your data without consent can be reported to the Office of the Data Protection Commissioner (ODPC) — free.

What the Law Says

Your Legal Foundation

Data Protection Act 2019

Section 26

“A data subject has the right to access information held about them, the right to correction of false or misleading data, and the right to object to the processing of their personal data.”

Data Protection Act 2019

Section 33

“A data subject may complain to the Data Commissioner regarding a breach of this Act by a data controller or data processor.”

Constitution of Kenya 2010

Article 31

“Every person has the right to privacy, which includes the right not to have information relating to their family or private affairs unnecessarily required or revealed.”

What to Do

Step-by-Step Guide

1Identify the violation. Common violations include: data shared without your consent, data used for a purpose you didn't agree to, unsolicited marketing, failure to secure your data, or refusal to delete your data on request.
2Request action from the organisation in writing — ask them to stop processing, correct, or delete your data. Give them 21 days to respond.
3If they don't respond or refuse, file a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke. The process is free.
4Include your evidence — screenshots, emails, the organisation's response, and a description of the harm caused.
5The ODPC can investigate, issue enforcement notices, and impose fines of up to KSh 5 million on organisations that violate your data rights.

What to Say

Exact Words to Use

“"Under Section 26 of the Data Protection Act 2019, I am requesting access to all personal data you hold about me. Please provide this within 21 days."”

Tone: Written — to any organisation holding your data

“"Under Section 26 of the Data Protection Act 2019, I am withdrawing my consent for the processing of my personal data and requesting its deletion. Please confirm deletion within 21 days."”

Tone: Written — to request data deletion

Common Questions

Frequently Asked Questions

Does the Data Protection Act apply to all organisations?

Yes — it applies to any person or organisation (called a "data controller") that processes personal data about Kenyan residents, whether based in Kenya or abroad. This includes banks, hospitals, employers, social media platforms, and government agencies.

My phone number was shared with third-party marketers without my consent — what can I do?

File a complaint with the ODPC immediately. Unsolicited marketing using data obtained without consent is a violation. You can also report to the Communications Authority of Kenya (CA) for telecoms-related spam.

A data breach exposed my personal information — can I claim compensation?

Yes. Under the Data Protection Act, you can claim compensation from the organisation responsible for the breach. File with the ODPC and also consult a lawyer about a civil damages claim in the High Court.

Does this cover health and medical data?

Yes — health data is classified as "sensitive personal data" and has the highest level of protection. A hospital, clinic, or insurance company cannot share your medical information without your explicit consent except in very limited circumstances.

Get Help Now

Resources & Helplines

Office of the Data Protection Commissioner (ODPC)

odpc.go.ke

File data privacy complaints here. Free.
Communications Authority of Kenya

020 242 3000

Complaints about telecoms data misuse and spam.
Kenya National Commission on Human Rights

020 271 7908

Privacy violations as a human rights issue.

Continue Learning

Practice Your Rights Out Loud

The Advocate gives you exact rebuttals, law references, and Scripture for real-life scenarios across workers' rights, eviction, arrest, and more. Free to try.

Open The Advocate — Free

No credit card needed · Know Your Rights. Know Your Word.