Data Protection Determinations

We provide highlights of data protection determinations published by various Information Regulators across Africa.

Kenya

The Data Regulator dismissed a claim against Zoscales Partners after it established that the Respondent promptly removed a video featuring the Complainant from its website once the issue was brought to their attention. By swiftly removing the offending video, the ODPC established that they fulfilled their obligations under the DPA Act. Read more on DataHub

AAR Healthcare Kenya Limited was found liable for violating the Complainants right to privacy when sensitive personal data given to them by the Complainant in the course of accessing medical services, was released to a third party insurance firm, who used it for marketing purposes. Read more on DataHub.

Nigeria

NITDA sanctioned Soko Lending Company Limited by fining it N10million for unauthorized disclosures, failure to protect customers' personal data, defamation of character as well as failure to carry out the necessary due diligence as enshrined in the Nigeria Data Protection Regulation (NDPR). Read more on DataHub

South Africa

The High Court sided with the regulator, deeming a request by the Plaintiff to declare grant beneficiaries' personal information as South African Social Security Agency (”SASSA”)’s property flawed. This underscores the principle that data subjects maintain ownership of their personal information and that a responsible entity cannot transfer such data to another party without proper authorization. Read more on DataHub

Access Easy-to-Read Summaries of Determinations in Africa

Quiz

Which of the following must a processor include on its record of processing activities?

Answer Options:

1. The contact details of the controller on behalf of which the processor is acting.

2. A description of the categories of data subjects and of the categories of personal data.

3. The purposes of the processing.

4. The technical and organizational security measures in place.

5. The countries to which personal data is transferred, if applicable.

Correct Answer:

4. The technical and organizational security measures in place.

Explanation:

"The technical and organizational security measures in place," aligns directly with these requirements. The other options, while important for overall data compliance, pertain more specifically to the controller's obligations rather than the processor's records.

Join the Community | RSVP for Future Compliance Workshops

Featured Article

Corporate Communications: The Problem with WhatsApp

Organizations use WhatsApp for communication due to its accessibility, user-friendliness, and versatile features like instant messaging, voice, and video calls. It's cost-effective, mobile-friendly, and fosters team camaraderie with its informal nature, enabling real-time communication.

However, WhatsApp raises significant data privacy and compliance concerns. It collects extensive user data, including contacts and location, which is transferred to Facebook without clear purposes or user consent. This practice poses risks to employee privacy and violates data protection regulations, especially in African countries with stringent data transfer laws. WhatsApp's lack of transparency and compliance with data protection principles further complicates its use for business communication.

To ensure compliance and protect data, businesses are advised to consider more secure and professional enterprise messaging solutions.

---

This is a summary of a blog article appearing on the DataHub | Africa Data Laws Blog. You can read the full article for a more detailed analysis by clicking on the link below.

Read the Article: Corporate Communications: The Problem with WhatsApp

Want more?

Access Data Protection knowledge & resources, for free

Check out Africa-focused data protection resources: datahub.africa which includes:

• AI Policies & Case Tracker

• Country data laws and factsheets

• Data Protection decisions and summaries

• Data Protection Blog

Tailored data protection training

Practical, down-to-earth Compliance Workshops to build on your team's knowledge. Contact us to find out more.

Email: info@mzizi-africa.com

No-nonsense reviews, advice and support

Like a chat about data protection issues you're facing? Get in touch and Margaret or Sam will arrange a meeting.

Email: info@mzizi-africa.com

Access Africa-focused Data Protection Resources, for Free

Follow DataHub on LinkedIn, Twitter or check us out online.

DataHub is a free to use data-focused product by MZIZI Africa