Kenyan President Uhuru Kenyatta approved a data protection law which complies with European Union legal standards as it looks to bolster investment in its information technology sector.

The East African nation has attracted foreign firms with innovations such as Safaricom’s M-Pesa mobile money services, but the lack of safeguards in handling personal data has held it back from its full potential, officials say.

“Kenya has joined the global community in terms of data protection standards,” Joe Mucheru, minister for information, technology and communication, told Reuters. The new law sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored and shared, the government said.

Mucheru said it complies with the EU’s General Data Protection Regulation which came into effect in May 2018 and said an independent office will investigate data infringements.

Companies such as Kenya Airways and tourist hotels will have to comply when handling personal data from clients, Mucheru said, as will phone-based lenders such as Safaricom, which amasses personal data through services offered jointly with local banks.

Amazon Web Services, part of the Amazon group, said that  it will set up part of its cloud infrastructure in Kenya, adding it was encouraged by the new law. It did not give a value for the new investment. Teresa Carlson, vice president of Amazon Web Services, said the new law paves the way for the company’s investment in Nairobi, according to a government news release. Those violating the law face a maximum fine of 3 million shillings ($29,283) or two years in jail, a copy of the law seen by Reuters showed.