Thank you for visiting the Office of the Data Protection Registration Portal. Before you begin registration, ensure you have read and understood the Pre-registration Information provided below.

Before beginning your registration, ensure you have the following:

1. An accessible and working email address, ensure the spelling of the email address is correct. Note that you can only use one email for one entity (for both data processor and controller application). In the event that you want to apply for multiple entities, i.e. Subsidiaries, use a different email for every entity.
2. Read the Guidance Note on Registration of Data Controllers and Data Processors to understand the different categories and see the procedure, link: here
3. Have the Establishment documents for the Applicant in pdf format.
4. Have the certified audited accounts of the Applicant in pdf format, for previous year accounting period. For newly established entities, submit a signed revenue statement or a KRA returns in pdf format.
5. Consult internal responsible departments to understand which safeguards have been implemented by the applicant to protect the data. This entails both Technical and organizational Safeguards that apply to the applicant.

During the Registration process, please take note of the following Crucial information at every stage:

1. In the Verification Detail Category, please ensure you input the correct email addresses, and double check for correctness. Ensure that you select the correct data handler type, i.e. Data Controller or Data Processor. To understand the difference, please visit our website and read the Guidance Note on Registration of Data Controllers and Data Processors, Link: https://www.odpc.go.ke/download/guidance-note-on-registration-of-data-controllers-and-data-processors/
2. In the Basic Detail Category, ensure you fill the basic details category correctly, indicating the correct name of the institution, as incorporated or established. Please note that the arrangement and spelling of this entry is exactly how it will appear in the registration certificate.
3. In the Personal Data category, ensure you have classified the categories of personal data you hold. i.e. employee data should be indicated separately from Supplier data. Furthermore, indicate the type of data held in each category exhaustively, for example contact details and Payment information.
4. In the Sensitive Data category, if applicable, ensure you indicate the exact purpose the Sensitive Data is collected for.
5. In the Transfer of Data Category, if applicable, ensure to include ALL jurisdictions where data is transferred to.

6. In the Measures of Protection of Personal Data Category, please ensure you fill ALL the risk measures, with both Technical safeguards and organizational safeguards that apply. Please note that this section is very important and as thus, consult your internal responsible departments for more information. If the risk measures are not defined, please note that you can add those that fit your organization.

   Kindly note that inadequate safeguards can lead to the refusal of the application, as per Regulation 10 and 16 of The Data Protection (Registration of data Controllers and data Processors) Regulations 2021.In the Employees and turnover, ensure you choose the correct number of employees and turnover category that applies to the applicant.

   Ensure the Audited Turn over documents have also been attached. Kindly note that the employee and turnover category dictate the generation of the correct invoice amount to be paid in the next stage. Submission of inaccurate information on the Turnover amount shall lead to the refusal of the application, as per Regulation 10 and 16 of The Data Protection (Registration of data Controllers and data Processors) Regulations 2021.

7. Once you have verified your email address, proceed to log into the dashboard and to make payment. Ensure that you select only one mode of payment between M-pesa, Bank and Cheque and only generate one invoice. This entails clicking the “Click here to pay” icon only once.

After the Registration process, take note of the following Crucial information at every stage:

1. In the event where the you wish to apply for both Data Handler types, i.e. both a Data Processor and a Data Controller for one entity, finish one application, i.e. the controller application and then log in to the dashboard to apply for the processor application. Once logged in to your dashboard, you will see a link on the top that states “If you wish to apply for a different data handler type, click this link”. Click on it to begin the application for the subsequent data handler type, i.e. the processor. This process is same in the event that the applicant registered a processor application first.
2. This certificate is downloadable from the portal and your details will be updated on our online register. 

In case of any questions or clarifications on registration issues, Kindly reach out to our team by email on registration@odpc.go.ke or call us +254796954269 or +254752896867.