Female business professional standing in foyer looking at mobile smartphone device.

Navigating your way to the Cloud
Kenya

A Journey of Digital Transformation
An Interactive Guide for Legal and Compliance Professionals

INTRODUCTION TO CLOUD IN KENYA

Digital transformation is about reimagining how you bring together people, data, and processes to create value for your customers and maintain a competitive advantage in a digital-first world. Digital transformation is the next industrial revolution and every company, from large multi-national corporations to the small and medium sized businesses who have become the backbone of the local economy, will need to start thinking and operating like a digital company. Kenya is experiencing digital transformation everywhere. Nairobi is home to Africa’s “Silicon Savannah” and is bursting with technopreneurs and multinationals seeking to take advantage of the digital and technological transformation in the country and the region.This is very evident in the financial services industry, where the development of Kenya’s money payment platforms, most notably M-Pesa (launched by Safaricom1) which is at the forefront of global developments being made in mobile money services, has contributed towards enhanced financial collaboration, increased accessibility for consumers across all financial brackets, and an incredible appetite across all sectors, including financial services, to utilise existing and newly created digital tools to deliver information, analytics, and data in an effective and transformative way. The same digitization trends exist in multiple sectors, including healthcare, education, retail, and consumer goods, and also the agriculture sector.

A large part of this digital migration is thanks to the Government of Kenya’s impressive push, through the Ministry of Information, Communications and Technology, to encourage socio-economic growth and development through the innovation and promotion of information and communication technology (“ICT”). The Kenya National ICT Masterplan published in April 20142, considers the local, regional, and global changes which will benefit Kenyans. The visible digital uptake is a positive indication that Kenyans are ready to change and accept ICT as they step forward into the digital world. Kenya’s Development Vision 2030 is the country’s national long-term development policy that aims to transform Kenya into a newly industrializing middle income country. The government is committed to achieving this through infrastructural development; science, technology and innovation; and security and public sector reforms.3 The government recognises that technology is one of the foundations for economic development in developing Kenya’s knowledge based economy.

At Microsoft, we agree. We believe that hyper-scale cloud services, in particular, can play a pivotal role in helping Kenya unlock and achieve its development objectives while ensuring a safer, more secure and more effective digital environment, which adheres to accepted international technical standards. As a signatory to a number of international conventions and as a participating member of the International Telecommunications Union4, this emphasis towards a secure, certain, cohesive, and developed technological environment is an understandable priority for Kenya.

Many have already realised the obvious benefits of cloud services, including efficiencies, cost savings, cyber-resilience, and secure access. Increasingly, those looking to future-proof their business are also recognising that to fully harness the potential of technologies like artificial intelligence, machine learning, Internet of Things, and augmented or virtual reality, they will likely need to rely on the hyper-scale cloud and the scalability it can offer. Use of cloud services can also provide a competitive edge.

All clouds are not created equal. As more Kenyans recognise the power and importance of cloud driven technologies, the selection of a trusted cloud service provider with a long history of delivering on privacy and security commitments in a compliant and transparent manner, now more than ever, is a critical part of the cloud journey for any customer. In a time when technology is changing almost every aspect of our lives, and the change is also causing disruption and uncertainty, Microsoft continues to draw from its past as we seek the right answers to questions about how best to realize opportunities ahead and create a trusted, responsible, and inclusive cloud.

Microsoft has been at the forefront of the cloud technology revolution in Kenya and provides its customers with state of the art cloud services. Its solutions such as Microsoft Azure, Office 365, and Microsoft Dynamics 365 power many different customers across the MEA region, including SMEs, large global corporates, public sector, and non-profit organisations. These are just some of the Microsoft cloud services driving the digital transformation across the globe as we seek to empower every individual and every organisation on the planet to achieve more in a safe, secure, and legally compliant manner.

THE REGULATORY LANDSCAPE

  • Cloud adoption in Kenya is still at an early stage but it is growing. The main hurdle has been concerns about the privacy and security of public cloud services and the absence of specific legislation that could assist cloud service providers and consumers of cloud services to navigate the requirements for compliance. That is slowly changing since the drafting of the Data Protection Bill of 20185 and the enactment of the Computer Misuse and Cybersecurity Act, 20186 which was assented to by the President on 16th May 20187. Furthermore, cloud service providers in Kenya, in an attempt to self-regulate, are using cloud service agreements to determine the level of security and privacy assurances that they can offer to their customers. This has led to an increase in the adoption and usage of cloud services as organizations understand they can move to the cloud in a way that meets and often exceeds all their security and privacy requirements. Indeed, cloud solutions from leading providers such as Microsoft are now being recognised for their ability to offer levels of security and privacy compliance that can exceed those available via in-house solutions of even the most sophisticated organisations.

    At Microsoft, we welcome these positive developments. We are pleased to have already participated in a large number of compliance conversations with customers and regulators across sectors. Through these conversations, we have developed a broad range of materials to help our customers in Kenya move to the cloud in a way that meets their regulatory requirements and stay at the forefront of compliance, so that our customers can be confident that their use of Microsoft cloud services meets the necessary requirements.

  • The laws governing the adoption of cloud computing in Kenya fall into two categories – general laws and regulations that apply broadly to all organisations; and laws and regulations that only apply to specific sectors. There is presently no uniform regulation for cloud services in Kenya specifically, although as noted below, legislation has been introduced to deal with cybersecurity and data protection.

    Microsoft is proud to confirm that it meets regulatory and compliance requirements for use of the cloud in some of the most highly regulated industries across the globe and can help you to achieve compliance with the regulatory and compliance requirements applicable in your sector.

    • Data privacy laws in Kenya will receive a much awaited boost when the draft Data Protection Bill is passed in to law. For now, the privacy rights of individuals and corporations are protected by virtue of the Constitution of Kenya 2010 (“Constitution”). The overriding principles enshrined in the Constitution are the right to privacy (article 31), the right to human dignity (article 28) and the right of access to information (article 35).

      Any person whose data is collected in contravention of the right of privacy as provided for in the Constitution has a right to file a Constitutional petition against the infringer. Kenyan courts have issued damages of up to USD 30,000 in the past in breach of privacy law suits.

      Looking ahead towards the eventual enactment and implementation of the Data Protection Bill, the legislation will require companies to implement appropriate, reasonable, technical, and organisational measures to safeguard against the risk of loss or unauthorised access to personal information. These security and technical requirements extend to any data transfers. If this Bill is enacted, firms in Kenya will be liable under statute in the event of any data breach where they do not have measures in place that would reasonably have prevented the data breach. The Bill also empowers the Kenya National Commission on Human Rights to investigate complaints relating to any infringement of rights under the Bill. Whilst the Bill is yet to be enacted into law, many firms in Kenya are referring to the Bill for preferred practice guidelines since the provisions of the Bill are based on international best practice on data privacy.

    • The Computer Misuse and Cybercrimes Act, 20189 sets out offences relating to the use of computer systems.10 It makes it an offence for a person to infringe security measures installed on computer systems and networks. The offence is considered as being more severe in the context of certain “protected computer systems”, which include communications infrastructure, banking and financial services as well as payment and settlement systems. This reflects the growing concern in Kenya about the increased threat of cyberattacks, cybersecurity breaches and cybercrime and its prevention. The legal position is being closely monitored by Microsoft as it continues to develop its products and services for the Kenyan market.

  • In addition to general laws, industry-specific requirements may apply. You can find out more about the requirements that apply in your industry sector by selecting from Industries below.

    Financial Services

    Financial Services

    Government

    Government

    Health

    Health


WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES

Security

Security

We build our services from the ground up to help safeguard your data

Learn more
Privacy

Privacy

Our policies and processes help keep your data private and in your control

Learn more
Compliance

Compliance

We provide industry-verified conformity with global standards

Learn more
Transparency

Transparency

We make our policies and practices clear and accessible to everyone

Learn more

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

RECOMMENDED RESOURCES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES
*EXPLANATORY NOTE AND DISCLAIMER: This website is intended to provide a summary of key legal obligations that may affect customers using Microsoft cloud services. It indicates Microsoft’s view of how its cloud services may facilitate a customer's compliance with such obligations. This website/document is intended for informational purposes only and does not constitute legal advice nor any assessment of a customer's specific legal obligations. You remain responsible for ensuring compliance with the law. As far as the law allows, use of this website/document is at your own risk and Microsoft disclaims all representations and warranties, implied or otherwise.