
Trident Insurance penalised for non-compliance with data law
- Published By Jane Njeri For The Statesman Digital
- 1 year ago
The Office of the Data Commissioner has penalised Trident Insurance Company for non-compliance with data protection regulations.
The data protection watchdog, in a letter, directed the insurer to pay Sh1.8 million as a fine for failing to implement critical data protection measures as per the law. The penalty is to be paid within 30 days from the date of the notice (yesterday).
“This Penalty Notice is issued upon Trident Insurance Company Limited (hereinafter as “the Company”) as a result of its neglect and/or default to fully comply with the Enforcement Notice dated 11th March 2024,” read the letter by Data Commissioner Immaculate Kassait in part.
“We note that the Company did not demonstrate the implementation of the measures that needed to be taken by it to remedy or eliminate the situation as envisaged in the Enforcement Notice.”
Kassait highlighted the company’s failure to incorporate a notification mechanism to inform data subjects on matters affecting them, as envisaged under Section 29 of the Data Protection Act.
This, according to the regulator, meant that affected individuals were not adequately informed of their data rights or any potential violations.
Moreover, Trident Insurance is also blamed for not implementing the necessary technical and organisational measures to ensure that only personal data required for specific purposes were collected and processed, a requirement clearly outlined in the Enforcement Notice.
This failure could have exposed the company to potential misuse of personal data, increasing the risk of privacy breaches. Likewise, the insurer lacked an internal complaints mechanism.
Kassait went on to say that the underwriter did not demonstrate how it had established and operationalised internal procedures for resolving data protection complaints.
According to the Data Protection Act, data subjects should be able to exercise their rights and raise complaints, which should be addressed internally in the first instance.
The absence of such mechanisms undermines data subjects’ ability to seek redress when their personal data is mishandled.
In addition, Trident Insurance failed to provide proof that its staff had been trained on data protection, the office added.
The Act requires that all staff managing personal data, especially sensitive personal data, should undergo training to ensure compliance with the law.
The firm is also believed to have been operating without a data controller or processor permit, another mandatory requirement under the Act.
Share on
SHARE YOUR COMMENT
MORE STORIES FOR YOU
Trending Stories
DJ Mo’s former illicit lo...
- Published By Jane
- January 15, 2024
Mapenzi! Zari and Tanasha...
- Published By Jane
- October 24, 2023
Zuchu Speaks on Diamond P...
- Published By Jane
- October 12, 2023
Hio Ni Upumbavu Wasituche...
- Published By Jane
- November 8, 2023
RECOMMENDED FOR YOU
Your Lungs Hold Secrets A...
- Published By The
- September 11, 2025
Better Sleep?: See The Li...
- Published By The
- September 11, 2025
What to Know About iPhone...
- Published By The
- September 11, 2025
From Teacher to Mwalimu N...
- Published By The
- September 11, 2025
Latest Stories
"He Has Taken Bullets For...
- Published By The
- September 15, 2025
How to Be a Good Single D...
- Published By The
- September 15, 2025
Rare ‘Tooth-in-Eye’ Surge...
- Published By The
- September 15, 2025
Donald Trump Suggests a T...
- Published By The
- September 15, 2025