About — Privacy Prism Consulting
About Privacy Prism

African Innovation.
Global Integrity
Standards.

Privacy Prism Consulting was built on a singular conviction: that African organisations should not have to choose between bold innovation and rigorous governance. We exist to make both possible — simultaneously.

Schedule a Structural Briefing → Email the Principal
TM
Principal Consultant · AI Governance & Data Privacy
The Founder
Advocate, High Court LLM (QMUL) CIPP/E GDPR AI Auditor ODPC Registered Multi-Jurisdictional
"Structural integrity is not a checkbox. We do not do quick fixes. We build fortresses."
The Origin

Why Privacy Prism
Exists

Privacy Prism Consulting was founded at the intersection of African innovation and global integrity standards — a space where ambitious organisations are scaling fast, but governance frameworks have not kept pace.

The practice was built on the observation that most compliance services in the region offer one of two things: expensive international legal firms that apply generic GDPR templates without understanding local context, or low-cost local consultants who lack the international credentials to satisfy institutional investors, global partners, or cross-border regulators.

Privacy Prism is neither. We are a multi-jurisdictional practice with credentials recognised in Kenya, the United Kingdom, and the European Union — offering forensic governance architecture that is bespoke, defensible, and commercially aware.

The singular mission: build governance structures that are both rigorous enough for any regulator and agile enough for any growth stage.

"

African organisations should not have to choose between bold innovation and rigorous governance. We exist to make both possible — simultaneously.

The Principal · Founding Statement
Forensic
We find hidden cracks — not surface-level issues. Every engagement begins with a deep audit of your actual data flows.
Structural
We build fortresses, not checklists. Every deliverable is designed to hold under regulatory scrutiny and investor review.
Bespoke
No templates. Every engagement is architected for your specific sector, jurisdiction, and growth stage.
Commercial
We bridge your legal obligations and commercial ambitions — compliance that enables growth, not obstructs it.
The Principal's Qualifications

Credentials That
Hold in Any Room

Every qualification was selected because it matters in the specific rooms our clients need us to enter — boardrooms, regulatory hearings, investor due diligence sessions, and cross-border negotiations.

⚖️
Advocate of the High Court of Kenya
Law Society of Kenya
Called to the Bar and admitted as an Advocate of the High Court of Kenya. Provides full legal standing in Kenyan regulatory matters, ODPC proceedings, and court-adjacent governance work.
🎓
LLM — International Commercial Law
Queen Mary University of London
Master of Laws from one of the world's leading law schools for commercial and international law. Provides the academic foundation for multi-jurisdictional regulatory interpretation and cross-border commercial agreements.
🛡️
CIPP/E — Certified Information Privacy Professional (Europe)
IAPP — International Association of Privacy Professionals
The gold standard for European data privacy certification. Recognised by regulators, investors, and enterprises across the EU and UK as the benchmark professional credential for GDPR practitioners.
🤖
GDPR AI Auditor Certification
Specialist AI Governance Certification
Specialist certification covering algorithmic accountability, AI bias auditing, data lineage documentation, and ESG evidence production under the EU AI Act and GDPR Article 22 automated decision-making provisions.
📋
ODPC Registered Practice
Office of the Data Protection Commissioner — Kenya
Formally registered with Kenya's ODPC — the enforcement body for the Kenya Data Protection Act 2019. Provides clients with confidence that their DPO is known and recognised by the very regulator they may face.
🌍
Multi-Jurisdictional Practice
Kenya · United Kingdom · European Union
Operating simultaneously under Kenyan law, UK GDPR (post-Brexit), and EU GDPR — Privacy Prism is one of a small number of practices on the continent that can provide legally defensible guidance across all three frameworks in a single engagement.
Our Methodology

The A.R.C.H.™
Framework

A
Audit
The Site Survey
Forensic discovery of every hidden crack before a regulator or investor finds it.
R
Roadmap
The Blueprints
A plain-language action plan — no jargon, fully prioritised, scoped to your resources.
C
Controls
The Foundation
Technical locks and governance guardrails implemented directly into your systems.
H
Habit
Site Safety
Culture-led compliance that protects you even when the Principal is not in the room.
Why This Works

The A.R.C.H.™ Framework was developed from a simple observation: most organisations experience data governance failures not because they lacked policies, but because those policies were designed for a different organisation's risks.

Generic compliance templates — downloaded, filled in, filed — satisfy auditors until they do not. A real regulatory investigation does not check whether you have a privacy policy. It checks whether your actual data flows match what that policy says.

The forensic audit at the heart of A.R.C.H.™ maps your real-world data flows first, then builds governance structures around them. The result is a compliance posture that is defensible because it is accurate — not just documented.

This is the structural difference between Privacy Prism and generic compliance services. We do not start with the framework and fit your business into it. We start with your business and build the framework around it.

Regulatory Coverage

Multi-Jurisdictional
By Architecture

Privacy Prism operates at the intersection of three major regulatory frameworks — providing a single, unified compliance posture for organisations that cannot afford jurisdictional blind spots.

🇰🇪
Kenya Data Protection Act 2019
ODPC registration, RoPA development, DSAR management, breach notification procedures, and enforcement correspondence with the Data Commissioner.
KSh 5M max penalty
🇬🇧🇪🇺
GDPR & UK GDPR
Full GDPR compliance architecture, DPA negotiations, DPIA leadership, ICO and EDPB correspondence, and cross-border data transfer mechanisms.
€20M / 4% turnover max
🤖
EU AI Act & AI Governance
High-risk AI classification, algorithmic accountability documentation, bias testing, data lineage, and ESG evidence production for institutional investors.
€35M max penalty
What We Stand For

Four Values That
Govern Every Engagement

🔍
Forensic Honesty
We tell clients what their data governance actually looks like — not what they hoped it would look like. Uncomfortable findings are the most valuable ones.
🏛️
Structural Integrity
Every deliverable is designed to hold under real regulatory scrutiny — not just pass an internal review. If it would not survive an ODPC or ICO investigation, we rebuild it.
🌍
African Ambition
We believe African organisations deserve governance frameworks that match their ambition and their context — not recycled templates from foreign jurisdictions.
⚖️
Commercial Awareness
Compliance that stifles growth is not good governance — it is just expensive obstruction. We build structures that enable commercial ambition, not constrain it.
The Privacy Prism Manifesto
"

Structural integrity is not a checkbox. We do not do quick fixes. We do not provide flat-rate compliance. We do not recycle templates. We sit with you, forensically examine your systems, and build a governance architecture that reflects the actual risk — not the theoretical one. We build fortresses. If you are ready to break ground, we are ready to lead.

The Principal · Privacy Prism Consulting
Begin Here

Ready to Meet
The Principal?

Schedule a free 20-minute Forensic Intake Briefing. No commitment. No templates. Just a structured conversation — and a custom A.R.C.H.™ Roadmap delivered within 48 hours.

Book Your Briefing → Email the Principal

3 questions · 20 minutes · A.R.C.H.™ Roadmap within 48 hours

Privacy Prism — Footer