Navigating Kenya’s Data Protection Law for a Fintech Client Under Regulatory Scrutiny

Ensuring Data Privacy Compliance - A financial services firm needed to align with evolving global data privacy regulations.

Challenge

A mid-sized financial services company operating in Kenya was flagged for potential non-compliance with the Data Protection Act. With growing scrutiny from both the Office of the Data Protection Commissioner and customers, they needed urgent legal guidance to avoid regulatory fines, reputational damage and loss of client trust. Their biggest challenge? Making sense of the law and applying it practically across their customer onboarding, marketing and HR processes, all while staying operational.

Solution

We began with a focused legal and technical audit, mapping out how the company collects, uses and stores personal data. We then:

  1. Identified critical compliance gaps;
  2. Developed a practical action plan aligned with Kenya’s data protection requirements;
  3. Drafted internal policies on data collection that were both legally sound and easy to apply;
  4. Provided training for staff and leadership on data handling best practices.

Our approach was designed for usability, ensuring the team could apply the law without hiring new departments or halting business operations.

Issue

The company’s biggest risk was treating data protection as an IT issue instead of a legal one. Sensitive personal data from job applicants, customers and employees was being collected without a proper lawful basis (including valid consent), stored indefinitely, and shared with third parties without clear contracts or safeguards. They had no appointed Data Protection Officer and minimal staff awareness of their legal obligations.

Approach

We helped the company think differently: not just “comply,” but create trust.

We:

  • Created practical consent forms for web, mobile, and paper-based processes,
  • Advised on vendor due diligence and added critical data clauses to their service contracts,
  • Helped them respond legally to customer data access and deletion requests,
  • Guided the appointment of a responsible internal officer to handle privacy concerns going forward.
Resolution

Risk

Without urgent intervention, they faced:

  • Regulatory enforcement, including possible audit and fines;
  • Reputational backlash from customers or staff complaints;
  • Exposure to litigation from data breaches or unlawful data processing;
  • Loss of competitive edge in a trust-driven market.

Response

Our intervention was fast, structured and realistic. We didn’t just hand over a legal memo; we embedded compliance into how they work. Staff training was held in phases, management was looped in early, and we created simplified documentation they could update on their own.

Outcome

The company is now fully aligned with Kenya’s data protection law, with audit-ready documentation, clear policies and a workforce that understands privacy obligations. No penalties were issued. More importantly, the client now uses privacy as a competitive advantage, earning customer trust by showing exactly how their data is protected.

Ready to brief us or make an inquiry?

Work with Broline & Associates to structure smart solutions and deliver outcomes that matter.
