IDMIS is ODPC's digital home for registration, breach notification, compliance, audits, certification, complaints and enforcement — built so every data controller and processor in Kenya can meet the Data Protection Act, 2019 online, and so the public can verify who they're trusting with their data.
From the moment an organisation registers to the day a complaint is closed, IDMIS keeps every actor — entity, officer and the public — on the same record.
Register, renew and vary data controller/processor status online, with BRS due-diligence checks and instant certificates.
Start a registrationAutomated questionnaires score an entity's compliance and recommend corrective action immediately after registration.
Learn moreReport a breach under Section 43, track investigation status, and reach resolution with a full audit trail.
Report a breachSubmit DPIAs, cross-border transfer requests and advisory requests through a three-level review workflow.
Submit a requestRisk-based audit planning, entity selection, scheduling and reporting for ODPC compliance officers.
Officer workspaceApply for the Data Protection Seal, undergo risk assessment, and verify any issued mark of quality publicly.
Apply for certificationLodge a complaint as a data subject, follow investigation progress, and view enforcement outcomes.
Lodge a complaintUser and role management, workflow configuration, backups and a complete administrative audit trail.
Admin consoleCall-centre and web inquiries become trackable tickets with SLA-based escalation and feedback capture.
Get supportAutomated dashboards, statutory report inputs for Parliament, and an ad-hoc report builder for management.
View dashboardsRegister for advocacy events, request training, track attendance, and earn DPO accreditation certificates.
Browse eventsSign in to the internal workspace to manage queues, dashboards and system configuration.
Staff sign-inEvery workflow in this platform traces back to a specific statutory obligation — from Section 18 registration duties to Part VIII enforcement powers — so officers act on a defensible, auditable record, and entities always know where they stand.
Explore the public registerMandatory registration of data controllers and processors operating in Kenya.
Timely notification of breaches likely to result in real risk to data subjects.
Impact assessments for processing likely to result in high risk.
Approval pathway for transferring personal data outside Kenya.
Complaints, investigations, enforcement notices and administrative fines.
Voluntary data protection seals that promote demonstrable compliance.