Data Protection Glossary

Presented by Centre for Intellectual Property and Information Technology Law (CIPIT)
Outline

Basics
Stakeholders
Mechanisms
Basics
Privacy

seclusion, being free from public attention


Kenya Constitution Article 31:
Data

Facts about a thing


For example: population statistics, vaccination statistics, your name, your age, phone number, home address, race, number of children, property, heart rate
Types of Data
Personal data

Data that can be linked to a person


Personally identifiable
• the girl with a black hat
• Mr. Githinji’s first born
• Next of kin
• mobile phone number
• passport number
• biometrics
Sensitive personal data

Data that reveals sensitive personal details


• DNA
• political party
• ethnic affiliation
• sexual orientation
• religious affiliation
• medical results
• health data
Data processing

means working on data


Consent

When a data subject freely agrees for their data to be processed
The DPA defines consent to include:
• manifestation of express, unequivocal, free and informed indication of the data subject’s wishes
• can be a statement or clear affirmative action

Consent is the primary basis for processing data


Data breach

When data is accidentally or unlawfully destroyed, lost, altered, disclosed, or accessed.
Can be intentional or unintentional.
Examples include website takeovers, leaks, hacking.
Profiling

Collection of personal information for purposes of knowing a data subject’s habits and interests.
The Kenya DPA defines profiling to include predicting aspects of someone’s ‘race, sex, pregnancy, marital status, health status, ethnicity, colour, age, disability, religion, conscience, belief, culture, dress, language or birth, personal preferences, interests, behaviour, location or movements.’
Stakeholders
Data subject

The person who the data relates to:


• your customer
• your customer’s contacts
• your employee
• your employee’s next of kin
Data processor

The person or organisation that processes personal data
A data processor can be a third party who has no direct relationship with the data subject
• schools
• employers
• social clubs
• digital lending apps
• political parties
Data controller

The person or organisation who decides how data is to be processed
Examples of decisions: the purpose for data collection and processing; how long data is to be stored; who can access the data
Examples of controllers: an employer, a building owner, a school
Data Protection Commissioner

A government officer tasked with overseeing data protection in a country
In Kenya, the Data Protection Commissioner:
• oversees data processing
• registers data processors and controllers
• audits and assesses data processing activities
• investigates complaints
• researches
Third party

A person or group besides the two primarily involved in a situation
Under Kenya DPA, third parties are all other persons ‘other than the data subject, controller, processor or persons under the direct authority of the data controller or data processor’
Examples include public authorities, e.g. when the National Employment Authority requests data on employees from an organisation
Special groups

These are persons whose data processing requires special consideration. For example, children cannot give consent directly and their consent has to be given through a parent or guardian
Other special groups include persons with mental incapacity, people who cannot read or write, vulnerable populations etc.
Mechanisms
DPIA

Data Protection Impact Assessment


A process for assessing risks in data processing
activities. It involves:
• identification of risks
• mitigation of risks
• management of risks
• governance of data protection
Privacy by design

Integrating privacy when designing and throughout the business processes, systems and data processing activities
In Kenya privacy involves protection of:
• one’s person, home and property
• possessions
• information relating to family or private affairs
• privacy of communications
Privacy by default

Ensuring that business processes, systems and data processing activities always revert to privacy
• this should happen without requiring any input from the user
• example: online forms should not opt in customers to services but actively seek their consent to opt in
Anonymisation

Removal of identifying particulars or details from data so as to make it NOT personally identifiable to a person
Example: a voter register can include name and polling station of the voter but not phone number or home address of the voter
Pseudonymisation

Processing personal data in ways that delink data from a specific data subject
This can be done through:
• removal of some information
• keeping some information about the data subject separately
• coding some data so that it is no longer attributable to a specific person
• phone number: 072XXXX45
• ID number: 32XXXXXX8
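
The three methods listed above, combined in one added example (not part of the original presentation): names are removed from the working dataset, the re-identification details are kept in a separate lookup table, and identifiers are coded by masking and by a keyed hash. The record fields, sample values and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def mask(value: str, keep_start: int, keep_end: int) -> str:
    """Replace the middle of an identifier with X, in the style of the masked examples above."""
    hidden = len(value) - keep_start - keep_end
    if hidden <= 0:
        raise ValueError("value too short to mask safely")
    return value[:keep_start] + "X" * hidden + value[len(value) - keep_end:]


def pseudonym(value: str, key: bytes) -> str:
    """Code an identifier with HMAC-SHA256, truncated to 16 hex characters.

    A secret key is used because ID and phone numbers come from a small
    space: a plain hash could be reversed by hashing every possible number.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key):
    """Return (working dataset, lookup table); the lookup is stored separately."""
    working, lookup = [], {}
    for rec in records:
        token = pseudonym(rec["id_number"], key)
        # Kept separately: whoever holds this table and the key can re-identify.
        lookup[token] = {k: rec[k] for k in ("name", "id_number", "phone")}
        # Shared with analysts: no name, no full ID number, masked phone.
        working.append({
            "subject": token,
            "phone": mask(rec["phone"], 3, 2),
            "loan_status": rec["loan_status"],
        })
    return working, lookup


# Constructed sample records (not real people or numbers).
SAMPLE = [
    {"name": "Subject A", "id_number": "12345678", "phone": "0700123456", "loan_status": "repaid"},
    {"name": "Subject B", "id_number": "87654321", "phone": "0700654321", "loan_status": "overdue"},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: held by the controller, away from the working data
    working, lookup = pseudonymise(SAMPLE, key)
    for row in working:
        print(row)
```

The same person always maps to the same token under one key, so records can still be linked for analysis, while the data stays personal data for anyone who holds the key or the lookup table.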
Encryption

Converting data into coded/unreadable form
Once encrypted, data needs to be decrypted in order to be legible

NAKWOUM SATO YA SHWIMO

To decrypt, read in Kenyan Sheng
