Bellmac Data Privacy Services offers end-to-end data protection solutions to help your organization stay compliant with global data privacy laws, including Kenya’s Data Protection Act, 2019 (DPA) and the General Data Protection Regulation (GDPR). Our multidisciplinary team blends ICT, legal, and cybersecurity expertise to deliver tailored, practical, and legally sound privacy solutions.
Outsourced Data Protection Officer (DPO) Services
Full-time DPO
Ideal for organizations that require a DPO without hiring in-house. We provide a named DPO supported by our expert team to:
- Advise on compliance with the DPA and related laws
- Monitor data protection practices and policies
- Support capacity-building for staff
- Conduct Data Protection Impact Assessments (DPIAs)
- Liaise with the Office of the Data Protection Commissioner (ODPC)
Interim DPO
Short-term DPO support for companies with in-house officers who need additional help on demand.
Data Protection Advisory
We provide customized guidance and practical solutions to support your compliance journey:
- Data Protection Impact Assessments (DPIA)
Required under Section 31 of the DPA for high-risk data processing. We conduct project-based DPIAs to identify and mitigate privacy risks early. - Data Subject Rights Management
We manage and respond to Data Subject Access Requests (DSARs), ensuring legal compliance, quality assurance, and proper redaction. - Regulatory Representation
We represent clients during investigations, subpoenas, or inquiries by the ODPC, including preparing responses and handling official correspondence. - Data Protection Health Checks
Our routine audits identify compliance gaps, liability risks, and opportunities for strengthening your data governance framework. - Data Registration Services
We assess your threshold for mandatory registration and complete the process for you, including:- Classification of personal data and processing purpose
- Identification of data subjects
- Documentation of safeguards, risk controls, and indemnity measures
International Data Transfer Compliance
Transferring personal data outside Kenya is subject to strict requirements under the Data Protection Act, 2019 (DPA). Bellmac ensures your organization remains compliant by offering the following services:
1. Liaison with the Office of the Data Protection Commissioner (ODPC)
We handle all correspondence with the ODPC, including:
- Submitting evidence of appropriate security safeguards and jurisdictions with adequate data protection laws
- Demonstrating the effectiveness of safeguards or compelling legitimate interests when required
2. Data Subject Consent
We support you in obtaining valid consent from data subjects for international transfers, along with confirmations of adequate safeguards.
3. Kenyan Data Center Representation
For processing activities requiring local data infrastructure, we offer representation through our offices, including:
- A physical address in Kenya
- Local phone and email support (with translation services)
- Ongoing legal advisory and updates on data protection issues affecting your operations
4. Data Protection Training
We deliver customized, legal-focused training on international data transfers and other key compliance areas through:
- In-person workshops
- Webinars and podcasts
- Roundtable discussions with industry experts