The Kenya Revenue Authority (KRA) has reaffirmed its commitment to safeguarding personal taxpayer data as it continues to roll out its Digital Transformation Programme.
During a briefing with the Departmental Committee on Finance and Economic Planning, KRA Commissioner General Humphrey Wattanga assured lawmakers that the Authority is actively working with the Office of the Data Protection Commissioner (ODPC) to implement a robust Data Minimisation Strategy. The initiative is aimed at reducing potential risks associated with the handling of sensitive taxpayer information.
“This effort is part of our broader Digital Modernisation Strategy under the 9th Corporate Plan,” said Wattanga. “We have already taken swift action to close any vulnerabilities within our digital platforms that could be exploited to access personal data. Our partnership with the ODPC ensures continuous improvement in system integrity, particularly concerning third-party data access.”
The Commissioner General’s remarks follow KRA’s recent achievement of the ISO/IEC 27001:2022 certification for its Information Security Management System an international standard that highlights the Authority’s commitment to data protection, transparency, and accountable governance in the digital era.
Wattanga also noted that KRA is currently in the initial phase of implementing its revamped Digital Transformation Programme, which is designed to establish a fully integrated IT ecosystem that enables real-time revenue collection and streamlined tax administration.
Among the key innovations is the deployment of the API platform, GAVA Connect, which enables collaboration between KRA, developers, and tech innovators. The platform supports the creation of user-friendly solutions that simplify tax processes and promote voluntary compliance.
