We advise innovation-led and transactional businesses managing sensitive data across digital platforms, teams, and technologies. Whether you’re launching a new product, preparing for a regulator audit, or responding to a breach, we deliver practical, forward-looking legal support.
Our team integrates privacy-by-design, data governance, and cybersecurity enforcement strategies, built on deep knowledge of the Kenyan Data Protection Act and its intersection with commercial law, technology contracts, and global privacy standards like the GDPR.

We also help foreign entities localize data frameworks for the Kenyan market and support AI-powered solutions by embedding legal risk management from design to launch. From structuring cross-border data use to prosecuting breaches, we work with you to stay compliant and resilient.

We’ve supported fintechs, platforms, and global brands through successful ODPC audits, regulator filings, policy rollouts, enforcement defence, and breach recovery. Whether you’re scaling, restructuring, or launching a data-centric product, we help you do it right.

Our services include;
Compliance & Governance

• Full-scope data protection audits, DPIAs, and gap assessments
• Implementation planning and remediation support
• Localisation of global data and cybersecurity policies for Kenyan subsidiaries
• ODPC registration, compliance filings, and ongoing reporting obligations
• Privacy-by-design legal input for AI products, SaaS platforms, and mobile apps
• Mapping of internal privacy, access control, and cybersecurity controls
• Development of SOPs, internal data governance protocols, and layered policies
• DPO advisory services and support with accountability frameworks
  
  Contracts & Data Transactions
• Drafting and reviewing NDAs, employee data clauses, and BYOD policies
• Data processing, data sharing, and cross-border transfer agreements
• Transfer Impact Assessments (TIAs) and international data flow structuring
• Data licensing agreements and allocation of rights in commercial transactions
• Integration of data use terms in platform agreements, M&A, and SaaS deals
  
  Cybersecurity & Breach Response
• Cybersecurity policy development and legal governance frameworks
• Incident response plans and escalation strategies
• Legal response during and after a breach, including internal investigation
• Regulator breach notifications, documentation, and authority coordination
• Legal support under the Computer Misuse and Cybercrimes Act, including prosecuting or defending employee-related data offences
  
  Enforcement & Disputes
• Representation or defence in complaints before the ODPC
• Legal advisory during ODPC audits and enforcement proceedings
• Internal investigations for data violations involving staff or contractors
• Evidence preparation, authority liaison, and prosecution coordination
  
  Training & Strategic Advisory
• Training for staff, management, and boards on privacy and cybersecurity obligations
• Consent strategy, lawful basis determination, and data use policy review
• AI legal risk analysis and compliance strategy for personal-data-powered systems
• Advisory for global businesses entering the Kenyan market with data-driven models