Data Audits in Compliance with the Data Protection Act

Data audits are important in today’s business and ought to be carried out periodically to ensure compliance with the Data Protection Act of Kenya. These audits ensure data is processed fairly, for legitimate purposes, and accurately by the use of an effective and efficient system.

Under the Data Protection Act, the Data Commissioner is tasked with carrying out periodic audits of the processes and systems of data controllers or data processors to ensure compliance with the Act. While the Act does not place an obligation on data controllers or processors to perform internal audits periodically, continuous compliance audits are necessary to ensure compliance with the Data Protection Act and other related laws.

For organizations to avoid falling foul of the law, which may lead to increased loss of revenue and to penalties for non-compliance, continuous audit checks are necessary and proper.

In the digital space, some organizations may find it difficult to adhere to compliance requirements because of the complexity of the data they hold, a lack of personnel, and inadequate IT resources that would ideally equip such enterprises with the infrastructure needed to comply with the laid-down laws, regulations, and accepted standards pertaining to data protection.

The high level of competition in the market, with its evolving strategies for speedy delivery, leads to changes in IT infrastructure, thereby affecting such organizations' compliance. Continuous compliance is, therefore, necessary to enable organizations to adapt quickly to the developing and dynamic changes in the IT field. It is important to note that continuous compliance is a business enabler and an organic component of every organization's daily processes.

Performing a continuous compliance check once does not mean that an organization is compliant forever. This is because laws, regulatory standards, strategies, and IT infrastructure are ever-changing. Furthermore, continuous compliance checks give room for continuous monitoring and review to ensure that data is protected, and the use of regular standards, in effect, enables the smooth, efficient, and effective running of businesses.

Continuous compliance checks help organizations monitor and evaluate data in the system through vulnerability scanners, identification, access control, etc. These continuous checks aid in ensuring that businesses comply with the laid-down laws, regulations, and the organization's internal standards. They also create awareness, readiness, and training for users on the need to conduct compliance audits and on measures that can be put in place to reduce any risks associated with the processing of data.

At Riskhouse International, we have a team of professionals with the expertise to offer continuous compliance audit solutions together with other services such as data protection impact assessment (DPIA), digital forensics investigations, vulnerability assessment penetration testing, system security review and post-implementation review, business continuity planning and disaster management plan, fraud compliance and investigation, and forensic investigation audit, among others.

To learn more about this service and to catch up on our other news and alerts you can visit our blog on our website at