Kenya has made several attempts to develop a law on Data Protection. The Ministry of Information, Communications and Technology (MoICT), together with the Communications Authority of Kenya (CA), led a stakeholder process to draft a ‘Kenya Data Protection Bill’. At the same time,the Senate has drafted and tabled a ‘Data Protection Bill,2018’. While the two draft laws are seemingly geared towards achieving the same purpose,there are some key differences in the approach and implementation. The Senate draft has been tabled for the 1st reading, while the MoICT draft is still awaiting cabinet approval.The objective of both versions of the Bill is to address the importance of having Data Protection laws in Kenya,to ensure effective protection and management of personal data by identifying, assessing, monitoring and mitigating privacy risks in programs and activities involving the collection, retention, use, disclosure and disposal of personal data. They both also seek to establish the required institutional framework for privacy and data protection.Although TESPOK was involved in the development of the MoICT ‘Kenya Data Protection Bill’,some critical industry proposals and positions were not considered. The key issues with the current versions of the Bills is the impact of practical implementation that could have adverse effects on the sector.In addition, while the Senate version has attempted to accommodate some of the European General Data Protection Regulations,the MoICT Task force accommodates more on the EU GDPR. There are several differences between the two documents and these need to be reviewed against best practice. TESPOK therefore seeks to recruit a legal consultant with good understanding of the ICT sector and the legislative process in Kenya,to review the two drafts and provide proposed amendments and justifications that support the ICT business framework in Kenya..For more information click here.