The decision follows an investigation into the bank’s handling of her personal information, which was found to have been processed without her consent.
According to the ODPC, the customer’s data was used in ways that violated Kenya’s data protection laws.
The investigation revealed that DTB shared and processed her information illegally, raising serious concerns about privacy and security.
This action by the bank was described as a clear infringement of the rights guaranteed under the Data Protection Act.
In its ruling, the ODPC emphasized that individuals have the right to control their personal data.
Any organization that processes personal information without proper authorization or consent is in breach of the law.
The fine imposed on DTB is intended to serve as a warning to other financial institutions and organizations handling sensitive information.
The customer, who reported the case, expressed relief at the decision.
She highlighted that the ruling reinforces the importance of data privacy and holds powerful organizations accountable.
“It is reassuring to know that my rights as a citizen are being protected. Companies must respect our information,” she said.
DTB Kenya and Uganda have been instructed to implement measures that ensure compliance with data protection regulations.
This includes proper handling, storage, and processing of personal information, along with clear consent mechanisms for customers.
Experts say this case sets a significant precedent in Kenya, signaling stronger enforcement of data protection laws.