Nairobi, April 22 -- Six years ago, Kenya enacted the Data Protection Act (DPA), becoming the first East African country to establish a comprehensive data protection framework and positioning itself as a continental leader in privacy regulation by bringing accountability to how personal data is collected, processed and stored across both the public and private sectors.

Yet, as the Act enters its seventh year, the conditions in which it operates have shifted considerably. Organisations across Kenya are no longer simply holding or processing data; they are actively using it to understand consumer behaviour, analyse transactions, assess credit risk and personalise services.

Kenyan firms are already deploying artificial intelligence for cre...