On July 3, 2018, a draft bill (the “Data Protection Bill”) was introduced that would establish a comprehensive data protection regime in Kenya. The Data Protection Bill would require “banks, telecommunications operators, utilities, private and public companies and individuals” to obtain data subjects’ consent before collecting and processing their personal data. The Data Protection Bill also would impose certain data security obligations related to the collection, processing and storage of data, and would place restrictions on third-party data transfers. Violations of the Data Protection Bill could result in fines up to 500,000 shillings (USD 4,960) and a five-year prison term. According to BNA Privacy Law Watch, while the Data Protection Bill is a “private member’s bill,” the Kenyan government “is working on a separate data-protection policy and bill to be published this week,” with the goal of consolidating the two proposals.