!
No.
8
Data Protection
2019
“sensitive personal data” means data revealing the
natural person’s race, health status, ethnic social origin,
conscience, belief, genetic data, biometric data, property
details, marital status, family details including names of the
person’s children, parents, spouse or spouses, sex or the
sexual orientation of the data subject; and
“third Party” means natural or legal person, public
authority, agency or other body, other than the data subject,
data controller, data processor or persons who, under the
direct authority of the data controller or data processor, are
authorised to process personal data;
3. The object and purpose of this Act is—
Object and
purpose of this
Act.
(a) to regulate the processing of personal data;
(b) to ensure that the processing of personal data of a
data subject is guided by the principles set out in
section 25;
(c) to protect the privacy of individuals;
(d) to establish the legal and institutional mechanism
to protect personal data; and
(e) to provide data subjects with rights and remedies
to protect their personal data from processing that
is not in accordance with this Act.
4. This Act applies to the processing of personal data
—
(a) entered in a record, by or for a data controller or
processor, by making use of automated or nonautomated means:
Provided that when the recorded personal data is
processed by non-automated means, it forms a whole or
part of a filing system;
(b) by a data controller or data processor who—
(i) is established or ordinarily resident in Kenya
and processes personal data while in Kenya; or
(ii) not established or ordinarily resident in Kenya,
but processing personal data of data subjects
located in Kenya.
Application.