The five main principles of data protection are lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy and storage limitation, and security and confidentiality.

Kenya (and the African Union): In 2014, the African Union (AU) adopted the Convention on Cyber Security and the Protection of Personal Data, which is based on the General Data Protection Regulation (GDPR), with the intention of obliging individual AU countries to enact national data protection laws.