A key highlight of the year was the introduction of new legislation around customer privacy. As a fundamental human right, privacy has become a key focus areas as technologies continue to evolve and demand for personalised data soars. Safaricom is committed to ensure that all customer data remains protected from misuse, and the company has adopted its own robust means of ensuring that global standards of data protection were proactively implemented. The Data Protection Act of 2019 was signed into law by the President of the Republic of Kenya in November 2019. The Act has introduced a set of customer privacy and personal information protection laws and established the Office of the Data Protection Commissioner to oversee and manage the rights of data subjects and obligations of data controllers and processors.
While the Act is still in its implementation phase and a new Data Protection Commissioner is in the process of being appointed, the Act represents a significant, positive step forward for the country. By legislating clarity and certainty regarding the collection and use of personal information, the Act will foster an environment of trust that allows innovation and progress to flourish.
Safaricom participated extensively in the engagement sessions during the public participation phase and we are satisfied that our views have been reflected in the enacted laws. We have also created a Data Protection department to review our processes and policies and ensure that we are compliant with all regulations in this regard (please see the Risk Management section on page 34 of this report for further detail regarding the department and its activities).