Data Protection Act
Compliance with the Kenyan Data Protection Act, 2019.
Legal Framework
The **Data Protection Act, 2019 (No. 24 of 2019)** is Kenya's primary legislation regulating the processing of personal data, giving effect to **Article 31(c) and (d)** of the Constitution of Kenya regarding the right to privacy.
It establishes the **Office of the Data Protection Commissioner (ODPC)** to enforce compliance, protecting individuals' data from unauthorized, unlawful, or careless handling by organizations.
1. Scope of Application
LaiEduHub adheres to the Act's mandate, which applies to any data controller or processor established in Kenya, or not established in Kenya but processing personal data of data subjects located in Kenya. LaiTech Solutions, as the provider of LaiEduHub, is committed to full compliance.
2. Fundamental Principles (Section 25)
Lawful & Fair
Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Purpose Limitation
Data is collected for explicit, specified, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimization
Processing is limited to what is adequate, relevant, and necessary in relation to the purposes for which the data is processed.
Storage Limitation
Data is kept in a form which permits identification of data subjects for no longer than is necessary.
3. Data Subject Rights
Under the Act, individuals whose data is processed via LaiEduHub hold the following rights:
- **Right to be informed** of data usage.
- **Right to access** their personal data.
- **Right to object** to the processing of all or part of their data.
- **Right to correction** of false or misleading data.
- **Right to deletion** of false or misleading data.
Consent
Data collection requires valid, specific, and informed consent. In the institutional context of LaiEduHub, schools act as the primary Data Controllers responsible for obtaining and managing this consent.
Sensitive & Child Data
Stricter rules apply to sensitive data (health, biometrics, etc.). Processing of child data (learners) requires the explicit consent of parents or guardians.
Data Transfer
Personal data will not be transferred outside Kenya without providing proof of adequate data protection safeguards to the ODPC or obtaining explicit consent from the data subject.
Last update: March 2026 | LaiTech Solutions Compliance Team