Back

MMUST Hosts Data Protection Awareness Training for ICT and QA Officers at Kisumu Hotel

In a significant stride toward reinforcing its commitment to data protection, Masinde Muliro University of Science and Technology (MMUST) recently hosted a Data Protection Awareness Training for its ICT and Quality Assurance (QA) officers. The training, held from 18th to 20th November 2023 at Kisumu Hotel, was conducted by experts from the Office of the Data Protection Commissioner (ODPC). This training marked an important step in MMUST’s efforts to comply with the Data Protection Act, 2019 and ensure that the university’s staff are well-equipped to manage personal data responsibly and securely.

As a Data Controller, MMUST determines how and why personal data is collected, processed, and stored. As a Data Processor, the university is entrusted with handling data on behalf of others, including student records, employee information, health data, and other sensitive personal data.

Given the scale at which MMUST handles personal data, it is vital that the ICT and QA teams—the key custodians of data within the institution—understand their roles in safeguarding this data. The training focused on enhancing the capacity of these teams to uphold the principles of data protection and comply with the Data Protection Act.

“Data protection is not just a legal requirement; it’s an essential part of maintaining the trust of our students, staff, and stakeholders. The training ensures that our ICT and QA teams are fully prepared to handle personal data securely,” said the Director of ICT Services at MMUST.

A Comprehensive and Interactive Training Session

Held at Kisumu Hotel, the Data Protection Awareness Training covered a wide range of topics essential for understanding the nuances of data protection, including:

  • Data subjects’ rights (e.g., the right to access, rectify, or delete personal data)
  • Legal bases for data processing under the Data Protection Act, including the requirement for explicit consent
  • Best practices for ensuring data security, such as encryption, access controls, and secure storage
  • The responsibilities of data controllers and processors in protecting personal data
  • Responding to data breaches, including reporting procedures and risk mitigation
  • Institutional accountability in data processing and transparency

The training was designed to provide ICT and QA officers with practical knowledge on implementing data protection principles within MMUST’s daily operations, ensuring that the university is compliant with the law and effectively safeguarding personal information.

“The training was a great opportunity to deepen our understanding of data protection laws and how they apply to our roles. We now feel more confident in managing data securely and ensuring compliance with the law,” shared one of the participants from the ICT team.

Real-World Scenarios and Interactive Discussions

Facilitated by experts from the ODPC, the training was highly interactive. Participants engaged in real-world scenarios, case studies, and role-playing exercises designed to reflect the challenges of implementing data protection in a large institution. These activities helped participants understand how to address common data protection issues and develop strategies to minimize risks.

One key area of focus was data breach response. Participants were guided on the steps to take in the event of a breach, including how to identify potential threats, how to mitigate damage, and how to report incidents to the ODPC in a timely manner.

“Handling data responsibly is not only about complying with laws; it’s also about building trust within the university community. The training showed us how to ensure transparency in our processes and keep data safe,” said a QA officer who attended the training.

The Path Forward: Embedding Data Protection into MMUST’s Operations

The training served as a critical step in MMUST’s ongoing journey toward full compliance with the Data Protection Act, 2019. With the knowledge gained from the training, MMUST’s ICT and QA officers are now better equipped to implement data protection measures across the university’s operations.

Moving forward, MMUST will focus on:

  • Regular data audits to ensure that personal data is being handled securely
  • Developing institution-wide data protection policies that all departments must adhere to
  • Ongoing staff training to reinforce best practices in data privacy
  • Implementing secure data management systems across digital platforms like Sajili (Digital Attendance System) and ProMed HMIS (Health Management Information System)

By continuing to foster a culture of data privacy awareness and compliance, MMUST is positioning itself as a leader in digital responsibility within Kenya’s higher education sector.

“Data protection is a continuous process, and this training is just the beginning. Our commitment to securing personal data is foundational to MMUST’s digital future,” added the Deputy Vice Chancellor for Administration, Planning, and Finance.

Looking Ahead: A Data-Privacy-First University

With the successful completion of this Data Protection Awareness Training, MMUST is now poised to fully integrate data protection into its everyday operations, ensuring that privacy rights are safeguarded, and data handling practices are secure and transparent.

As the university continues to digitize its systems and expand its digital footprint, MMUST is committed to creating a data-secure campus that respects the privacy of all stakeholders—students, staff, and the wider community.

MMUST

You may also like

promed
MMUST ICT Directorate Successfully Implements ProMed Health Management Information System
July 29, 2025
1718862461947
MMUST ICT Implements Sajili Attendance System in Partnership with Konza
July 29, 2024
compliance
MMUST Registered as Data Controller and Processor: Pioneering Data Privacy Compliance in Higher Education
July 15, 2023
toggle icon