This weekly digest reviews key 2025 rulings by Kenya’s Data Protection Commissioner. They show how enforcement turns legal theory into real accountability.
Data protection laws are a good thing per se. Yet, their enforcement is essential, as some organizations could neglect legal demands without practical application. Today we are going to review some decisions made by the Office of the Data Protection Commissioner of Kenya in 2025, which was determined to uphold regulations across businesses and organizations.
The first case today is Mr. Bolo vs. Platinum Credit, which we already discussed earlier. The company violated data protection regulations by making unsolicited marketing texts and calls. Also, Platinum Credit ignored Mr. Bolo’s requests to delete his personal data and stop unwanted calls.
Platinum Credit claimed that its employees did not contact Mr. Bolo, and all calls he received came from former employees. The company stated that those individuals are trying to damage its business's reputation.
Yet, despite all arguments, Platinum Credit failed to prove that it legally obtained a consent form from Mr. Bolo to receive marketing communications. The Commissioner fined it for Sh900,000.
There was a similar case, Samuel Kamau vs. Platinum Credit. The company contacted Mr. Kamau to promote its products, without receiving his consent. As a result, Platinum Credit was fined Ks400,000 for violating data protection regulations.
The second case is Marlene Ngina vs. Whitepath Ltd., which also was mentioned in our blog previously. This time the company contacted Ms. Ngina over a defaulted loan taken by her colleague. Whitepath Ltd. claimed that Ms. Ngina was responsible for the debt because she was listed as a guarantor and told her she should contact the borrower to assist with settling the loan.
On the other hand, Ms. Ngina stated that she didn’t sign any legal paper related to the loan and that she isn’t a guarantor.
The Data Protection Commissioner conducted an investigation and fined Whitepath Ks450,000 for privacy violation.
Another interesting case, demonstrating enforcement by the Data Protection Commissioner, is Mr. Yasin Akbar vs. Wananchi Group (Zuku). Mr. Akbar was an employee of Zuku but left the company after some time. However, he continued to receive promotional messages from the ex-employer. He contacted Zuku on several occasions via verbal, phone, and email to delete his personal information from a database.
Representatives of Wananchi Group stated that the company doesn’t have any confirmed records of Abkar’s data deletion requests in its systems.
The Commissioner accepted evidence from Mr. Yasin Akbar showing that he had sent several emails to Zuku’s corporate email address listed on the company’s website. These emails were not delivered, as the email address was not operational. As a result of the investigation, the Data Protection Commissioner fined the ex-employer Sh500,000 for violation of legal regulations.
As shown, the Kenya Data Protection Commissioner works across many sectors of the economy to ensure that organizations comply with data protection laws. These laws define individual rights, including the right to privacy and the right to erasure, which allows individuals to request the deletion of their personal data.
SearchInform provides companies with tools, required for efficient data protection and compliance with regulatory requirements. Our solutions assist with the discovery of particular personal data and the deletion of all its copies across all the company’s infrastructure. Risk Monitor includes in-built security policies, tailored for fulfillment of global data protection regulations, such as GDPR or PCI DSS, or local regulations, such as Algeria’s Law No. 18-07 or Saudi Arabia’s Personal Data Protection Law.
Risk Monitor is a Next-Gen DLP platform that provides companies with a comprehensive set of security tools, including data classification, data loss prevention, and watermarks. It assists in compliance process and ensures effective data protection for small businesses and large enterprises.
Contact us today to learn, how the Next-Gen DLP solution can protect your sensitive data, contribute to development of your business, and receive a complimentary security audit.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!