Mini Group has successfully concluded a one-week Training-of-Trainers (ToT) program focused on data protection delivered by Tenacity Business Solutions, equipping a cohort of internal champions to cascade privacy best practices across the organisation. The intensive course blended law, policy, and hands-on practice to ensure teams can confidently meet the requirements of the Kenya Data Protection Act (2019) and embed privacy by design into everyday operations. Our commitment to data protection isn’t just for compliance—it’s about trust, transparency, and responsible growth.

Over five days, participants explored core topics including lawful bases for processing, informed consent and withdrawal, data sovereignty and cross-border transfers, data portability, subject rights (access, rectification, erasure), records of processing (RoPA), retention and secure disposal, vendor due diligence, incident response, and breach communication. Practical labs covered mapping data flows, running DPIAs, improving consent language on digital forms, and setting up repeatable internal controls.

“This program turns policy into practice,” said the Data Protection Officer, quoting Brené Brown: “Integrity is choosing courage over comfort—choosing what’s right over what’s fun, fast, or easy—and practicing your values, not just professing them.”

Each trainee left with a department-ready toolkit: a mini-curriculum to deliver 30–60 minute sessions, slide decks and job aids, a RoPA template, a data-incident playbook, and checklists for consent, retention, and third-party risk. The group also agreed on near-term targets, including refreshing consent statements on forms and systems, tightening access controls, and improving turnaround time for data-subject requests.

Certificates awarded (Friday, 15 August 2025). At the close of the program, six Data Protection Officers (DPOs) were presented with certificates by Group leadership alongside the Data Protection Office and Tenacity Business Solutions’ lead facilitator. The recognition affirms their competence in privacy governance and trainer delivery skills and formalises their role within Mini Group’s Privacy Champions Network.

In the coming weeks, the Privacy Champions Network will roll out bite-sized awareness sessions, support internal audits, and track progress against KPIs such as request-handling timelines, completion of staff refreshers, and closure of remediation actions. By building in-house capacity, Mini Group is strengthening customer trust and safeguarding the data that powers its business.

Highlights

• One-week ToT developed around Kenya’s Data Protection Act (2019), facilitated by Tenacity Business Solutions
• Deep-dive on consent (and withdrawal), sovereignty, portability, and incident response
• Practical labs: DPIAs, data-flow mapping, consent wording, RoPA & retention
• Output: trainer toolkits, checklists, and an internal Privacy Champions Network
• Certificates presented to six DPOs on 15 August 2025
• Next steps: awareness rollouts, audits, and measurable compliance KPIs