Legal and Regulatory Compliance
Legal compliance requirements and regulations can have a significant impact on us and our customers. We want to support our customers on their compliance journey and enable them to meet stringent compliance requirements with technology. Some key compliance requirements include data residency regulations, Kenya Private Security Act, Kenya Data Protection Act and GDPR. We summarize herein steps we have taken to comply with each.
Legal or regulatory requirements are imposed on organizations that handle sensitive personal information. Depending on the country or industry such as governmental institutions, medical industries, or education, some organizations are required to store their visitor data locally.
We offer a choice between a Hosting your data on our Cloud or on your own on Premise Server. This service is only available for our enterprise customers on a long term (Minimum 2 year Contracts). We are committed to data protection and are working on growing the list of data centers to provide the flexibility you need.
The Kenya Private Security Regulation Act. 2016 Provides for the regulation of the private security industry and a framework for cooperation with National Security Organs.
Section 48 of the Act gives the legal mandate to private security operators to record and temporarily withhold identification documents before granting visitors access to their customers premises. Soja is an apt tool for security service providers to legally exercise this mandate.
We recommend to our customers to clearly communicate this via relevant channels e.g. via a signage that is clearly visible to obtain their consent as part of data protection laws compliance requirements.
The Kenya Data Protection Act, 2019 executed through the Office of the Data Protection Commissioner (ODPC) is a legal framework for the protection of privacy rights of data subjects. The law applies to data controllers and data processors who process personal data about data subjects located within the country of Kenya.
The Act offers the data subjects the right to be informed, to access, erasure, opt-out, rectification, and data portability and not to be subject to automated decision-making. Identigate Integrated Solutions (Product and Brand owner of Soja Visitor Management platform) is registered as a data Processor in compliance with the requirements and provisions of the law.
The EU General Data Protection Regulation (GDPR) is a new comprehensive data law that is designed to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data security. It requires companies and governments to be transparent about the personal data they process, have a legitimate purpose for their use of that data, and exercise care in handling data. We provide our customers subject to GDPR compliance requirements additional Addenda to their contracts with detailed provisions for compliance to GDPR.