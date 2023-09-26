The Office of the Data Protection Commissioner (ODPC) has issued penalty notices to three companies totaling Ksh 9.4 million for breaching regulations as set out in the Data Protection Act.

Data Commissioner Immaculate Kassait says the three data controllers, Casa Vera Lounge, Roma School and Mulla Pride Ltd which operates two mobile lending apps, KeCredit and Faircash failed to observe Data Privacy Rights to data subjects.

Digital credit provider, Mulla Pride for instance which has been fined Ksh 2.98 million was found culpable of using names and contact information of lenders obtained from third parties to send threatening messages and phone calls.

“This penalty will ensure that digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data. It will further ensure that the data controllers are limited to strictly dealing with data subjects who have consented to the collection and processing of their data,” said Kassait in a statement.

Casa Vera Lounge on the other hand found itself in trouble for itself in trouble for posting a picture of one of their customers in their social media pages without consent.

The restaurant which operates along Ngong Road in Nairobi has been fined Ksh 1.85 million in a move expected to further deter clubs and lounges from posting their clients images online without consent.

Roma School which is based in Uthiru in Nairobi County will pay the largest fine amounting to Ksh 4.55 million for posting pictures of minors without approval from parents.

“This being the first and the highest penalty to an educational facility sends a message to schools and other facilities handling minor’s personal data to obtain consent from parents and guardians prior to processing minor’s data,” she added.

ODPC says it has also conducted compliance audit on WhitePath a digital credit provider and Naivas Supermarkets which was hit by a ransomware in April this year.

The office also plans to commence conducting 40 compliance audits on various data controllers and processor in the current financial year.