Is Your Visitor Management Aligned with Kenya’s Data Protection Act (DPA)?

Following the enactment of the Data Protection Act (DPA) and the establishment of the Office of the Data Protection Commissioner (ODPC), the Data Protection (General) Regulations, 2021 are now in full force.

These regulations apply to all businesses that handle personal data in Kenya. This is evidenced by the recent action by the ODPC to issue penalty notices to several data controllers for failing to observe the data privacy rights of data subjects and to comply with the Data Protection Act.

DPA Compliance:

The DPA Regulations define rights for data subjects and responsibilities for Data Controllers, Processors, and third parties handling personal data. This legal framework requires organizations to review their data management practices, including Visitor Management.

Entities are expected to comply with the DPA by implementing data protection principles and safeguards that ensure that the processing of personal data complies with the provisions of the Act. Failure to comply with the Act will result in the institution of enforcement procedures.

Visitor Data Compliance Risks:

Many organizations still use manual visitor registration methods like Visitor Books, which now pose compliance risks under the new laws.

Compliance with the DPA is essential, with significant penalties for violations. Fines of up to KES 5 million (approx. USD 50,000) or 1% of annual turnover can be imposed for non-compliance, and failure to comply with the Commissioner’s orders is considered an offense. Data subjects can also seek compensation for damages.

DPA Compliance Requirements for Visitor Management:

  1. Use visible signage to explain data purposes with reference to relevant supporting legal frameworks.
  2. Be transparent about data collection intentions and use; store data only for necessary periods, restrict access to authorized individuals, and implement security measures like encryption and passwords.

Stay Compliant:

Consider using a Digital Visitor Management System (VMS) with built-in features like consent agreements, opt-out options, and data encryption. SOJA VMS offers solutions to help organizations achieve full compliance with the Act.

Contact us to learn more about how SOJA VMS can assist your organization in achieving full compliance.