Data, Privacy &

Data, Privacy & Cybersecurity

Privacy by Design. Big data. The Internet of Things. Wearables. AI. Online behavioral advertising. HIPAA. Data breaches. Every organization needs good data, privacy & cybersecurity management to run successfully. Rigorous data protection laws – plus increasing regulatory and commercial pressure – mean a clear understanding of the storage and use of information is absolutely essential.

Clay & Associates Advocates’ data protection specialists use their thorough grasp of the law and understanding of the individual needs of our clients to deliver a strategy that ensures their compliance, now and in the future.

We have the expertise to advise companies of all sizes on data protection and privacy issues, from start-ups to large corporate entities across most sectors. Whether you require short-term crisis management assistance or a global program tailored to satisfy international data protection authorities, our clients receive pragmatic, practical, and cost-effective solutions.

We also have specialist lawyers in outsourcing, employment, litigation, and corporate law (start-ups) who can advise on a range of data protection issues.

If you would like to find out more about what Data, Privacy, and Cybersecurity legal services can be offered by our law firm to you or your business, please contact us on +254 20 2100 999 or email us at for a free initial chat about any Data, Privacy, and Cybersecurity legal issue.

Data, Privacy &

Compliance for Personal Data

Our team of highly skilled data protection, privacy, and cybersecurity legal experts works closely with organizations to help them develop compliant procedures for the collection, storing, and processing of personal data.

We will work closely with you and your business to give guidance on the legal compliance duties placed upon either you or your business through the data protection laws and regulations.

Especially, how you or your business collects, stores, uses, discloses, or transfers personal data and on how to manage regulatory inquiries and audits and claims from individuals.


The value of personal data, collected by an organization, can be hugely significant, as long as it has been collected in a legally compliant way.

Whether such data can be used for future marketing activities, either by the business that collected it or by others, is often overlooked and can have negative connotations. Regulators, not only in Kenya but globally, are cracking down on direct marketers who flout the law and we are seeing an increase in enforcement action and some huge fines levied against perpetrators.

We will work with you and your business to ensure that personal data is collected in a way that facilitates best practice in future marketing activities and advise on how to comply with direct marketing regulations so as to run legally compliant marketing campaigns.

Data Breach Response

Privacy, cybersecurity incidents, and data breaches require an immediate, decisive, and multi-disciplinary response. We offer this through our expertise spanning cybersecurity, data privacy, financial services regulatory, corporate crime and investigations, dispute resolution, insurance, and employment teams.

We will immediately assemble the right team to be by your side in those crucial first hours and days of a crisis. We will support you to respond quickly and to mitigate the risks arising from the incident.

Policy Development and Review

We will assist clients to identify and develop necessary data privacy policies pertaining to data collection, employment, online marketing, and sector-specific requirements. Data collection is a critical aspect of many business models, and the regulation of data collection practices is constantly increasing. We help businesses navigate the ever-evolving privacy regulatory landscape.

Our team helps clients review existing information security policies and procedures, recommends revisions to existing policies and procedures, and drafts policies and procedures if none exists.

Count On Us

We all share the same common goals – to deliver legal advice of the highest quality that is clear and easy-to-understand for our clients and meets their specific needs at competitive rates (including fixed fees wherever possible to deliver value for money and budget certainty).

Contact Us Today!

Mon- Fri: 8.00 am – 5.00 pm

Our Data, Privacy & Cybersecurity Services

Policies & Privacy Notices

We currently assist companies in reviewing their existing privacy notices and other relevant internal policies concerning personal data, and help them draft appropriate policies and notices to ensure that they will remain compliant.

With the implementation of the new Data Protection Act, many organizations will need to update their privacy notices and policies and revamp their internal policies concerning collection and handling of personal data.

Our firm’s team stands ready to work with organizations to assess current policies and procedures and updating processes. Clay & Associates Advocates is well placed to guide both large and small organizations in this area.

The team is also experienced in providing training progammes for organizations that assist in bringing staff and management up to speed on their privacy rules and regulations.

Retention of Communication Data

The retention of communications data, in Kenya, has long been recognized as a valuable measure. Our lawyers understand the importance of regulation, such as The Kenya Information and Communications Act (No. 2 of 1998), The Data Protection Act and the Access to Information Act, in regards to businesses concerned with providing telecommunications and other data services and government organizations providing public services and holding public data.

We guide these businesses and government regulations through the miasma of their obligations on all retained data and requests for disclosure – working closely with them to ensure that they have appropriate policies and procedures in place relating to such retained data.

We can also advise on the making of applications for access to such data and are on hand should any application be refused.

International Transfers of Data

Many businesses routinely transfer data overseas, whether to another group company, to a third party for sub-processing, or for other reasons.

This process can be fraught with legal compliance issues as the Kenya Data Protection Act and Regulations do not allow the transfer of personal data outside of Kenya save where permission has been granted by the relevant authorities.

We are well placed to advise organizations of all sizes on legitimizing these overseas transfers of personal data and on the requirements for onward transfer.

Service Provider Agreements/Third Party Contract Review

Clay & Associates Advocates’ lawyers stand ready to assist clients in all business sectors to review agreements with service providers, including third-party technology service providers, through a lens that identifies and protects against potential liabilities arising from data, privacy, and cybersecurity incidents. Our team will work closely with you and your business to understand the unique circumstances and challenges that exist with each service provider.

Keeping our clients’ business goals in mind, we craft narrowly tailored service provider agreements designed to mitigate potential exposure arising from a data security incident by clearly defining a client’s relationship with the service provider; requiring the service provider to adhere to delineated information security practices molded to the specific service offering; setting forth expectations as to when, how and under what circumstances a service provider must report a potential or suspected data security incident, and preserving the client’s right to conduct an independent forensic investigation; incorporating optimal indemnification and limitation of liability language to shift liability and defense exposure to the service provider; leveraging a service provider’s insurance coverage; incorporating warranties that hold the service provider accountable for rendering services in accordance with the agreement and applicable law; applying a favorable choice of law provision governing disputes under the contract; and avoiding potential pitfalls such as waivers of subrogation that may preclude our clients or their insurers from recovering damages attributable to a service provider’s conduct.

Managing liabilities associated with service providers has never been more important with the evolution of technology and online threats creating an increasingly dangerous digital environment. The risks and liabilities can be mitigated, however, with due diligence and good service provider contract management.

CONTACT CLAY & ASSOCIATES ADVOCATESCall us today, e-mail us or leave a message.

Get a free callback

CASE STUDIESSearch Case Studies

AllIn the newsSettled
We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.