Introduction

Purpose and Scope

The African Higher Education in Emergencies Network (AHEEN) is a nonprofit initiative dedicated to delivering academic diplomas, degrees, and employability-focused programs to refugees and internally displaced persons (IDPs) across Africa. Hosted by the University of Nairobi (UoN), AHEEN operates in sensitive humanitarian contexts where data protection is paramount to safeguarding vulnerable populations, ensuring educational access, and upholding human dignity. This handbook provides comprehensive guidance on protecting personal data throughout its lifecycle, tailored to AHEEN's operations in emergency settings.

This document applies to all AHEEN staff, volunteers, partners, and contractors who handle personal data, including student records, beneficiary profiles, and program evaluations. It aligns with:

• Kenya's Data Protection Act, 2019 (DPA).
• UoN's data privacy policies and statements for students and staff.
• The International Committee of the Red Cross (ICRC) Handbook on Data Protection in Humanitarian Action (2nd ed., 2022), which emphasizes "do no harm" principles in volatile environments.

Non-compliance may result in legal penalties, reputational damage, or harm to beneficiaries. All personnel must review this handbook annually.

Key Definitions

• Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, ID number, health details, location).
• Sensitive Personal Data: Data revealing racial/ethnic origin, health, biometrics, or other special categories under DPA Section 2.
• Data Controller: AHEEN/UoN, responsible for determining processing purposes.
• Data Processor: Third parties (e.g., cloud providers) handling data on AHEEN's behalf.
• Data Protection Impact Assessment (DPIA): A risk evaluation tool for high-risk processing.