Handling Advisory on Data & Privacy Law – Ong’anya Ombo Advocates

Data Regulations

DPA and Privacy Laws have a unique dimension than the mere assessment of what the laws provide and abiding by merely providing internal or external policies on matters data and privacy laws. For an organisation to understand the intricacies of internet law, which generally covers data and privacy law, it is essential to factor the operations of the entity as well, which involves having a conversation with the Information Technology (IT) department team or head to have a clear understanding of the system's set up by the organisation.

Data Collection

Direct Data Collection

Understanding how the data and privacy laws impact an organisation requires understanding how an organisation collects data, which is generally through the physical or online model. The physical collection entails providing information to entry-points at various offices, medical forms, surveys, or questionnaires, while online data collection includes signing up for newsletters, sending emails, mere access to an online platform, and applying for an opportunity or requesting information.

Indirect Data Collection

The methods mentioned earlier are more direct. However, there are indirect means of collecting information, which involve using small text files known as cookies. There are numerous types of cookies; yet, not all cookies are intentionally installed on the website; rather, the cookies are introduced through third-party services that the website relies on to provide its services.

In instances where a website relies on third-party services, the website owner must ensure that the third-party service provider is also compliant with the applicable Data Protection laws or regulations. In most privacy policies, it is common that one organisation will indicate where it utilizes third-party services, the organisation is not responsible to the user as the third-party entity has its own set of terms and conditions, including privacy cookie policy.

Platform Assessment

It is important to note that where the website relies on plugins, Application Programming Interface (API), or add-ons under specific plugins, it will require the organisation to confirm with the other organisation whether the third-party plugin, API, or add-on is compliant.

Broad Assessment

Interestingly, while most organisations focus on data and privacy law towards third-parties more so those accessing their website, data and privacy law extends to data collected about the staff through physical forms or online means. As a result, an organisation needs to restructure and seek consent from its staff on how it intends to utilise the staff data for any purpose other than initially collecting the information.

Other Assessments

Hardware and Software Assessment

Data and privacy laws are structured to, directly and indirectly, require changing hardware setup and software codes to avoid breaching the applicable law. Therefore, there are numerous ways in which organisations must objectively look into data laws to ensure that at all material times, the organisation is compliant with the set laws and regulations.

Contact us: hello@onganyaombo.com or +254703672515 | big data | analytics data | analyze data | meta data | bigger data | science data

Comments are closed.