Data privacy has become an increasingly critical issue in recent years, as more and more personal information is collected, processed, and stored by organizations. A data breach at a company, for example, can put proprietary data in the hands of an unintended user, putting the company at a disadvantage. Likewise, a data breach at a government agency can expose top confidential information to an enemy state.

Data privacy refers to the protection of personal information that is collected, processed, and stored by organizations.

Data privacy laws, regulations, and policies are put in place to ensure that organizations adhere to certain standards and practices to protect the privacy of personal data.

In Kenya, the office of the Data Protection Commissioner has been mandated to ensure organizations implement and comply with the Data Protection Act, 2019.

Why does it matter?

Data privacy is important for several reasons:

  • Protecting Personal Information: Personal information includes details such as customer name, address, phone number, and financial information. Protecting this information is crucial to prevent identity theft, fraud, and other forms of privacy violations.
  • Building Trust: When organizations handle personal information responsibly and securely, it helps to build trust between them and their customers. This can lead to a stronger relationship and a better overall customer experience.
  • Legal Compliance: Many countries and regions have data privacy laws and regulations in place that organizations must comply with. Failing to do so can result in legal and financial consequences.

What is the Organization’s/Auditor’s Role?

Organizations have a crucial role to play in ensuring data privacy. The key procedure that organizations can follow to ensure data privacy is shown below:

[Image: Data privacy]

“According to the Data Protection Act, Section 23, the Data Commissioner may carry out periodical audits of the processes and systems of the data controllers or data processors to ensure compliance with this Act.”

As internal/system auditors, we work to ensure you are compliant and ready by doing the following:

  • Identifying Risks: The auditor identifies potential risks that may result in a data breach or privacy violation. They can perform a thorough risk assessment to determine the level of risk involved in the organization’s data privacy practices.
  • Reviewing Policies and Procedures: The auditor will review the organization’s data privacy policies and procedures to ensure they are comprehensive and up-to-date. The auditor will also identify areas where policies may need to be revised or improved.
  • Testing Controls: The auditor will test the effectiveness of the organization’s data privacy controls. This may include reviewing access logs, testing security protocols, and verifying compliance with data protection laws and regulations.
  • Reporting Findings: The auditor will report their findings to management, including any areas of non-compliance or weaknesses in the organization’s data privacy controls. They will also provide recommendations for improving privacy practices and mitigating risk.

Overall, a system auditor plays a crucial role in protecting an organization’s sensitive data and ensuring compliance with data privacy regulations.

MGK Consulting has the best team in the internal audit function who will walk with you to ensure a smooth data privacy journey. For more information visit our website or email
