Related documents
- Is amended by 24th Annual Supplement

LAWS OF KENYA
DATA PROTECTION ACT
THE DATA PROTECTION (COMPLAINTS HANDLING PROCEDURE AND ENFORCEMENT) REGULATIONS
LEGAL NOTICE 264 OF 2021
- Published in Kenya Gazette Vol. CXXIV—No. 6 on 14 January 2022
- Commenced on 14 January 2022
- [Revised by 24th Annual Supplement (Legal Notice 221 of 2023) on 31 December 2022]
Part I – PRELIMINARY
1. Citation
These Regulations may be cited as the Data Protection (Complaints Handling Procedure and Enforcement) Regulations.2. Interpretation
In these Regulations, unless the context otherwise requires—"Act" means Data Protection Act (Cap. 411C);"complainant" means a data subject or a person who has lodged a complaint pursuant to regulation 4;"Data Commissioner" means the person appointed under section 6 of the Act;"Office" means the office of the Data Protection Commissioner;"enforcement notice" means a notice issued by the Data Commissioner under regulation 16;"penalty" means a penalty imposed by a penalty notice;"penalty notice" means a notice issued by the Data Commissioner under regulation 20;"respondent" means a person against whom a complaint is lodged; and"summons" means an order of the Data Commissioner, in writing, directing a person to appear before the Office.3. Object and purpose of the Regulations
The object and purpose of these Regulations is to—Part II – PROCEDURE FOR LODGING, ADMISSION AND RESPONSE TO COMPLAINTS
4. Lodging of a complaint
5. Register of complaints
6. Admission of complaint
7. Discontinuation of a complaint
8. Withdrawal of a complaint
9. Joint consideration of complaints
10. Language
11. Notification of a complaint to the respondent
12. Joinder of parties
13. Investigations of a complaint
14. Outcome of investigation
15. Negotiation, mediation or conciliation
Part III – ENFORCEMENT PROVISIONS
16. Issuance of enforcement notice
17. Service of an enforcement notice
18. Review of enforcement notice
19. Appeals against enforcement notice
Subject to sections 58(2)(d) and 64 of the Act, a person may before the lapse of thirty days from the date of service of the enforcement notice, appeal to the High Court against a decision arising out of the enforcement of the notice.20. Issuance of penalty notice
21. Enforcement of penalty notice
The Data Commissioner shall enforce or take action to recover a penalty—History of this document
31 December 2022 this version
Revised by
24th Annual Supplement