We advise innovation-led and transactional businesses managing sensitive data across digital platforms, teams, and technologies. Whether you’re launching a new product, preparing for a regulator audit, or responding to a breach, we deliver practical, forward-looking legal support.
Our team integrates privacy-by-design, data governance, and cybersecurity enforcement strategies, built on deep knowledge of the Kenyan Data Protection Act and its intersection with commercial law, technology contracts, and global privacy standards like the GDPR.
We also help foreign entities localize data frameworks for the Kenyan market and support AI-powered solutions by embedding legal risk management from design to launch. From structuring cross-border data use to prosecuting breaches, we work with you to stay compliant and resilient.
We’ve supported fintechs, platforms, and global brands through successful ODPC audits, regulator filings, policy rollouts, enforcement defence, and breach recovery. Whether you’re scaling, restructuring, or launching a data-centric product, we help you do it right.
Our services include;
Compliance & Governance
Full-scope data protection audits, DPIAs, and gap assessments
Implementation planning and remediation support
Localisation of global data and cybersecurity policies for Kenyan subsidiaries
ODPC registration, compliance filings, and ongoing reporting obligations
Privacy-by-design legal input for AI products, SaaS platforms, and mobile apps
Mapping of internal privacy, access control, and cybersecurity controls
Development of SOPs, internal data governance protocols, and layered policies
DPO advisory services and support with accountability frameworks
Contracts & Data Transactions
Drafting and reviewing NDAs, employee data clauses, and BYOD policies
Data processing, data sharing, and cross-border transfer agreements
Transfer Impact Assessments (TIAs) and international data flow structuring
Data licensing agreements and allocation of rights in commercial transactions
Integration of data use terms in platform agreements, M&A, and SaaS deals
Cybersecurity & Breach Response
Cybersecurity policy development and legal governance frameworks
Incident response plans and escalation strategies
Legal response during and after a breach, including internal investigation
Regulator breach notifications, documentation, and authority coordination
Legal support under the Computer Misuse and Cybercrimes Act, including prosecuting or defending employee-related data offences
Enforcement & Disputes
Representation or defence in complaints before the ODPC
Legal advisory during ODPC audits and enforcement proceedings
Internal investigations for data violations involving staff or contractors
Evidence preparation, authority liaison, and prosecution coordination
Training & Strategic Advisory
Training for staff, management, and boards on privacy and cybersecurity obligations
Consent strategy, lawful basis determination, and data use policy review
AI legal risk analysis and compliance strategy for personal-data-powered systems
Advisory for global businesses entering the Kenyan market with data-driven models
