Mwaidianalaw

Mwaidianalaw: an all-rounded, medium-sized law firm which prides itself on fast delivery of legal services.

17/02/2026

Ever wondered how to change your name in your ID or passport? Or even your child's name in the birth certificate permanently? Well, this post is for you.

17/11/2025

5 Mistakes Kenyan Companies Make with Data Protection (and How to Avoid Them)

Kenyan businesses are sitting on a ticking time bomb — and most don’t even realize it. The Office of the Data Protection Commissioner (ODPC) is already issuing fines, and the pattern is clear: organizations are getting punished not for hacking scandals, but for simple, avoidable mistakes.
Here are the five most common data protection blunders Kenyan companies keep making — and how to fix them before you become the next cautionary tale.

1. Treating Compliance as a Paper Exercise
Most companies think drafting a “Data Protection Policy” and uploading it to their website equals compliance. It doesn’t.
Policies alone don’t protect data — people and systems do.
The real risk: When a breach happens, regulators ask, “Show us your training records, your data maps, your consent logs.” Most can’t.
Fix: Move from paper to practice. Train your staff, audit your systems, and make compliance a living process — not a dusty document.

2. Collecting Data Without Proper Consent
From loan apps to schools, many organisations still collect personal data without clear, informed consent. Pre-ticked boxes and vague privacy notices don’t count.
The real risk: Illegal processing = automatic violation. Remember Roma School’s Kshs 4.55M fine for posting children’s photos on social media without parental consent? That’s what happens when you skip this step.
Fix: Use clear, simple consent statements. Explain why you’re collecting the data, how it’ll be used, and always allow opt-out. Keep proof of every consent obtained.

3. Ignoring Data Subject Rights
The Data Protection Act gives every Kenyan the right to access, correct, or delete their personal data. Most companies have no system to handle these requests.
The real risk: A customer files a complaint, you ignore it, ODPC investigates — and you’re fined, like Liquid Telecom was for failing to delete customer data.
Fix: Create a clear, easy-to-use process for handling access, correction, and deletion requests. Log every request and response.

4. Failing to Secure Data Technically
Too many organisations rely on passwords like “Admin123” or store sensitive files on unencrypted drives. Some even share personal data via WhatsApp groups.
The real risk: A data breach that could have been prevented with basic security. And when regulators ask if you encrypted data or restricted access, you have no answer.
Fix: Enforce strong passwords, two-factor authentication, encryption, and access controls. Data protection isn’t just legal — it’s technical.

5. Ignoring Third-Party Risks
Companies outsource IT, payroll, or marketing to third parties and assume the vendor handles compliance. Wrong. If your vendor leaks data, you are still liable.
The real risk: You lose control of your data the moment you hand it to someone else — and the ODPC will still come for you.
Fix: Audit your vendors. Sign contracts with clear data protection clauses. Ensure they comply with the law before sharing any data.

Data protection isn’t a legal luxury — it’s a survival requirement. The fines are real, the reputational damage is worse, and the law doesn’t excuse ignorance.
If you’re unsure where your organisation stands, start with a compliance audit. It’s the difference between proactive protection and costly damage control.


11/11/2025

DATA PROTECTION.

IMPORTANCE OF DATA PROTECTION AND COMPLIANCE

If an organization treats data protection compliance as optional, it’s basically building a skyscraper on quicksand. Here’s why it’s absolutely critical — and what happens if you ignore it:

1. Legal & Financial Consequences
• Non-compliance isn’t just a “policy violation,” it’s a direct ticket to fines, penalties, and lawsuits. Regulators in Kenya (ODPC under the Data Protection Act, 2019) can impose fines of up to Kshs 5 million or 1% of annual turnover. Also, once regulators smell blood, you’re not just paying fines — you’re dragged into investigations, audits, and court cases that suck resources dry.

2. Reputation & Trust
• Trust is fragile in business. Data protection compliance isn’t about ticking boxes, it’s about showing clients and partners you’re not reckless with their personal information.

3. Operational Stability
• If you ignore compliance: Systems become vulnerable, staff get careless, and a single phishing email can cripple operations.
• If you comply: You build resilient processes, train staff to spot risks, and integrate safeguards that keep your business running smoothly.

4. Competitive Advantage
• Most firms are sloppy with data handling — especially SMEs. If your organization is visibly compliant, you instantly stand out. Clients, especially corporates and multinationals, prefer working with partners who won’t expose them to liability.

5. Investor & Partner Confidence
• No serious investor or partner will put money into a business that’s a data scandal waiting to happen. Compliance signals maturity, governance, and risk management.

✅ Bottom line:
Data protection compliance isn’t “extra paperwork.” It’s legal survival, reputational insurance, operational resilience, and a business growth strategy all rolled into one. Ignoring it is like leaving your vault door open and acting surprised when it gets emptied.



12/02/2025
07/02/2025

Your best legal partner

06/02/2025

According to a 2023 report by IBM, data breaches cost USD 4.45 million, a 15% increase from 2020. This means that data breaches have been on the rise, as in recent years, with the rise of technology, data has become the most valuable commodity in the digital space.
One thing is for sure: Kenyans are not keen on how they handle or protect their personal data, nor do they know the importance of having their personal data protected by the different agencies and/or data controllers and handlers that they have given access to.

What is Personal Data Breach?

This is a security breach leading to accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

At this point you are asking yourself why you need it protected. With the recent data breach at the BRS, a lot of personal information was released, especially on X (a social media platform).
Kenyans were quick to search various political leaders and their affiliations to various companies known to always take on tenders, and the information leaked would cause literal political sabotage.

Effects of Personal Data Breach

Data Mining
Illegal activities such as taking financial loans with the company information
Illegal change of ownership details
Email Phishing
Con Phone calls
Economic Espionage
Ransomware attacks
International Repercussions
Tax evasion investigations

03/02/2025

A data breach at the BRS would have serious legal, financial, and security implications for businesses, individuals, and regulatory bodies. Here’s an analysis of the key risks and consequences:
1. Data Privacy & Compliance Risks
• Breach of Data Protection Act (DPA), 2019: The leak violates Kenya’s data protection laws, as the registry holds personally identifiable information (PII) such as directors’ names, ID numbers, emails, phone numbers and KRA PINs.
What this exposure means
• Impersonation & Identity Theft: Criminals can use director details to commit fraud, open fake bank accounts, or apply for loans.
• Corporate Hijacking: Fraudsters may use the data to illegally transfer company ownership or change directorship details through fake resolutions.
• Scams & Phishing Attacks: Scammers can use leaked emails and phone numbers to send phishing messages pretending to be government agencies or banks.
• Economic Espionage: Competitors may exploit leaked company financials and shareholder details to gain an unfair advantage.
• Banking & Credit Risks: Fraudsters may use company details to secure loans fraudulently, potentially affecting businesses' credit ratings.
• Extortion & Ransomware Attacks: Hackers might demand payment from businesses to prevent further exposure.
• Political Exposure: If politically exposed persons (PEPs) are linked to certain companies, this could lead to public scrutiny or legal challenges.
• Tax Evasion Investigations: The Kenya Revenue Authority (KRA) and other agencies may use leaked data to pursue businesses for unpaid taxes.
• International Repercussions: Kenya may face pressure from global regulators if multinational firms' confidential data is exposed.
What Should Businesses Do Now?
✅ Monitor Accounts: Check for any unauthorized changes in business records.
✅ Secure Communications: Be cautious about phishing emails and fraudulent calls.
✅ Report Suspicious Activity: Notify the Registrar of Companies and the ODPC if affected.
✅ Legal Action & Compliance Review: Consider legal options if sensitive data is misused.

10/01/2025

We are open for 2025! HAPPY NEW YEAR!!

26/11/2024

DATA PRIVACY!

Data privacy basically means protection of personal information from unauthorised access, use, disclosure or destruction. It's the legal and ethical framework that governs how personal data is collected, stored, used and shared.

DATA PROTECTION - these are the technical and organisational measures that organisations and companies set up to protect your data from misuse.

Organisations protect your data through
>encryption
>firewalls
>access controls
>incident response plans
>regular monitoring and testing of these security measures to fish out vulnerabilities

EXISTING LAWS
How we are protected
>Data Protection Act 2019 - provides protection of personal data, and any entity that wants to process personal data has to adhere to this glorious act.

This act also establishes the Office of the Data Commissioner. Now this is the go-to person who handles matters of data privacy. If there's a breach, you have to file the complaint with him first (i.e. if the breach is under the act itself) before going to any other court.
>Electronic Transactions Act, 2011
>Cybercrimes and Cyber Security Act 2018
>Communications Authority of Kenya regulations
>Competition Authority of Kenya

If you are an organisation and you have personal data, those are the statutes that you should be looking at. They keep on changing.
Other than the above statutes, there have been penalties set in place for organisations found in breach, recently to the tune of 4m (which was imposed on Oppo).

Data protection audits - the Data Commissioner has power to conduct audits of organisations randomly...

And penalties...

Acts of Breach of Data privacy

>unauthorised access
>Data theft
>Data loss
>Data manipulation
>Data sharing
>Non-compliance with regulations
>Insufficient security measures

These are some ways organisations can protect private data
>conducting regular risk assessments
>implementing strong security measures (through firewalls etc.)
>restricting access to sensitive data
>regularly monitoring data access
>providing security and privacy training to employees
>auditing and monitoring the data processed
>having an incident response plan in place
>being compliant with regulations

I may not have exhausted the list, but for the rest you can reach us and we can answer and/or assist.


26/08/2024

The Assembly and Demonstrations Bill is due for public participation, and all thoughts and opinions are due before the 9th of September. Make a point of reading the Bill; it's only 16 pages. I have highlighted a few points in case you need a road map.

03/01/2024

Call us for all your legal needs...

01/01/2024

Happy New year to all our clients....May you have a blessed 2024

Address

Ambassador Court, Along Milimani Rd, Apartment A2
Nairobi
00400

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00
