Elly Okoth

Results-driven Lawyer with over seven years of experience advising clients in Compliance Analysis, Policy Development, Corporate Law, Commercial Law, Data Protection and Privacy Law and Company Secretarial Services. Proficient in drafting legal documents, negotiating settlements and instituting proceedings. Poised and dedicated professional with proven to thrive in complex and detail-oriented industry

Employment History

Legal & Human Resource Compliance at Agricultural Employers Association,

Nakuru

NOV EMB ER 2 0 2 1 - TO DAT E

● Data Protection training and awareness among the members.

● Attending Court proceeding and representing members

● Court- Representation of Members in the Employment and Labour Relations

Court.

● Audit- Conducting of Human Resource Compliance Audits among members.

● Arbitration- Representation of members in the Labour Disputes with the Union

● Managed and coordinated the regulatory affairs and asset management.

● Researched, interpreted, and advised the company regarding compliance with laws and regulations.

● Handled regulatory inquiries from Government, Members and foreign regulators.

● Acted as an effective liaison with regulatory agencies.

● Tracked HR issues to resolution and escalated as needed.

● Served as the first point of contact for virtual and onsite employee inquiries.

● Negotiated contract terms with talent and oversaw credentialing process.

Data Protection Consultant- Part Time at Privacy Hub Africa, Nairobi

JUL Y 2 0 2 2

● Advicing on the Registration of Data Controllers and Data Processors in Africa.

● Performed adequate research to ensure a deep understanding of Data

Protection in Africa.

● Trained and created awareness to the general public on Data Protection in

Africa

● Established the Data Protection framework and implementation plan, and development of policies including developing templates for data collection and assisting with data mapping.

● Guided the various subsidiaries and departments on the implementation of the

Data Privacy requirements and supporting them to ensure compliance with the

Data Protection Act (including how to deal with privacy breaches)

● Created and Maintained a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities which must be made public on request.

● Trained stakeholders involved in data collection/processing, updating the training requirements as well as conducting specific training for particular processing requirements.

● Conducted Reviews to ensure compliance, accountability and to address potential issues proactively.

● Ensured that IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).

● Supported business in preparation of privacy statements for each processing operation, and ensuring processes are put in place to ensure that the privacy statement is provided to the data subjects on all company forms and/or literature, websites and other communication or data collection mediums.

● Collaborated with the Information Security function to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments,

security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).

● Created Information Base: Create an intranet page for data protection in the institution which includes privacy statements, Data Protection guidelines/instructions of the institution/body, quality assurance reports, Data

Protection periodic reports, and any other elements which may be helpful to the controllers and the staff of the organization.

● Served as the point of contact between the company and the Regulatory

Authorities and co-operating with them during inspections by answering any complaints or queries raised.

● Interfaced with data controllers and data subjects to inform them about the use of their data, their data protection rights, obligations, responsibilities, the measures the company has put in place to protect their personal information and to raise awareness on the above.

● Provided quarterly status updates to senior and middle management and drawing immediate attention to any failure to comply with the applicable data protection rules.

● Prepared an annual work programme at the beginning of each year for sign off.

Post Graduate - Legal Practice, Kenya School of Law, Nairobi

F EB R UAR Y 2 0 2 0 — D EC EMB ER 2 0 2 1

Advocate of the High Court of Kenya

Bachelor of Law, Catholic University Eastern Africa (School of Law) - Nairobi-

Kenya, Nairobi

S E P T EMB ER 2 0 1 5 — OC TOB ER 2 0 1 9

LLB Degree

Data Protection, British Council, Nairobi

J ANUAR Y 2 0 2 1 — MAR CH 2022

Certificate in Data Protection

Kenya Certificate of Secondary Education, Shimo La Tewa High School,

Mombasa

F EB R UAR Y 2 0 0 8 — NOV EMB ER 2 0 1 1

High School Certificate

Kenya Certificate of Primary Education, Broad Way Academy, Mombasa

J ANUAR Y 2 0 0 5 — D EC EMB ER 2 0 0 7

Primary School Certificate

CHRP- Certified Human Resource Practitioner, College of Human Resource

Management

MAR CH 2 0 2 2

CHRP- Certified Human Resource Practitioner

Diploma in Law, Inoorero University, Nairobi

F EB R UAR Y 2 0 1 2 — 2014

Paralegal Certificate

Courses

Anti-Money Laundering and