Data protection regulations implement legal obligations to ensure data security while processing personal data. The main aim of the regulations is to ensure accountability of those who collect information. Organizations are not only required to implement processes that are compliant to these regulations but also be able to document their compliance. This paper explores the impact of data privacy and security laws on organizations. This is motivated by the need to ensure data confidentiality as highlighted in the privacy laws. Specifically, the study is aimed at identifying the challenges Kenyan organizations face in achieving compliance to the Kenya Data Protection Act 2020 and how they can utilize emerging technologies such as data analytics to assist in compliance to the said regulation.  The research findings discussed in this paper propose strategies that can help promote the adoption of data analytics as a strategy to monitor compliance of the regulation. The proposed strategies are evaluated using an analytics-based prototype that utilizes key performance indicators to monitor risk compliance. The results of the study highlight the need of integrating data analytics in the risk assessment of personal data maintained by an organization this enhancing the compliance of the Act in organizations.

The study investigates the impact of data privacy and security laws on organizations that collect or utilize personal data to maintain normal operations. This is motivated by the need to ensure data confidentiality as highlighted in the privacy laws. The study also focused on validating and testing the solution to show how data analytics will be useful in helping organizations to be compliant with the Data Protection Act of Kenya.

Key Words: Data Analytics, Risk Assessment, Data Protection Act of Kenya, Key Performance Indicators, Personal Data, Compliance