Kenya's Office of the Data Protection Commissioner (ODPC) has confirmed its intention to audit 40 digital lenders after having received over a thousand complaints, including that of data privacy breach.

The Commission released a statement which reads: “The Data Protection (complaints handling and enforcement procedures) regulations, 2021, took effect on February 2022 paving the way for data subjects to file complaints and report data breaches to the Data Commissioner. As of 30th September 2022, ODPC had received 1,030 complaints. The office admitted 555 of these cases, including 299 which were on digital lenders, representing 54 percent of all cases admitted.”

Last month, the Central Bank of Kenya released a list of ten digital lenders licensed to operate. Other service providers, whose applications are pending, have been allowed to operate, but those who did not apply have been barred from issuing credit.

However, according to complainants, some operators are allegedly still issuing credit, irrespective.

Data Commissioner Immaculate Kassait said, “This is just one among many other complaints being investigated by the office. We want to assure the public that the complaints received will be investigated and concluded accordingly. All aggrieved members of the public are encouraged to continue sending their complaints.”

In September the Commission stated that it had received 1,660 applications for Data Controllers and Processors who are mandated to register with the regulator.

Data controllers and processors are entities that deal with and process personal data including banks, companies and other organisations. It ensures that they are licensed to handle personal data under the Data Protection Act 2019.