Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS Kenya
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Insights by type
CMS News
Stay up to date with our growth, evolution and our many successes.
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
News

Potential Penalty for Violating Data Breach Notification Timelines

25 Sep 2023 Kenya 2 min read

On this page

    One of the region’s leading retail outlets may be faced with a potential penalty of up to USD 40,000 for its failure to notify the Data Protection Commissioner of a data breach within 72 hours as required by law.

    This comes after the Data Protection Commissioner's appearance before the Senate ICT Committee on 19 September 2023, confirmed that an investigation had been launched into the retailer’s failure to notify the Regulator of the data breach within the prescribed statutory time frame. The Regulator confirmed the pendency of a preliminary report that would detail the actions to be taken against the retailer for non-compliance with the data breach notification time requirements.

    As with numerous aspects of data privacy compliance, failure to adhere to the statutory timelines provided for discharging a data controller’s and/or data processor’s obligations under the data privacy legal framework will pose potential exposure to legal risk and hefty penalties.

    The CMS Kenya | Daly Inamdar Advocates Data Protection Team comprising certified privacy professionals is happy to come on board as your resource partner in supporting your compliance efforts. For more information on data protection please click here.

    This alert serves the purpose of general guidance and is not intended to constitute specific legal advice. For legal advice with respect to this alert, please contact our Partner, Collette Akwana at Collette.Akwana@CMS-DI.com .

    Contributors* 
    Wilson Mrima – Associate

    More insights

    Explore more

    Publication Kenya

    CMS Global Radar 2026

    12 Feb 2026 2 min read
    Expert Guide International

    International arbitration law and rules in Kenya

    29 min read
    Event Kenya

    IP Insights webinar series 2026

    28 Apr 2026
    Back to top Back to top
    If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.