May 25, 2018 was the deadline for compliance with the Global Data Protection Regulations passed by the EU in 2016. Already, our inboxes have been flooded with messages from email lists of companies we did not even know we subscribed to. Companies all over the world are taking steps to ensure preliminary compliance with the GDPR.
In Nigeria, however, only a small number of companies appear interested in setting up GDPR compliance processes. A huge part of this is caused by confusion as to whether a Nigerian company will be caught by the provisions of the GDPR.
This piece aims to provide a quick guide for Nigerian companies that may be caught by the GDPR but do not know it.
- Airlines: The nature of the air transport business makes the collection of personal data expedient if not compulsory. If there is the slightest chance that a Nigerian airline will collect the information of an EU citizen or resident in the course of its business, it must consider complying with the GDPR. Of course, there is no question where an airline takes international flights through Europe.
- Banks: From EU-based Nigerians making remittances to Nigeria, to Europeans sending money to Nigeria, Nigerian banks are constantly collecting the personal data of EU residents and citizens. It is clear that they must consider GDPR compliance seriously.
- Hotels: Top Nigerian hotels and restaurants who receive foreigners on a regular basis will be constantly exposed to personal information of EU residents. They must think seriously about GDPR compliance.
- Fintech companies: Nigerian Fintech companies who assist in whatever form with international remittances, settlements, collections and processing must put in place GDPR compliance mechanisms.
- Digital advertising agencies: If your business involves assisting Nigerian companies with pushing their products to online audiences, including those in Europe, you must consider compliance seriously. If part of this job includes using web analytics, tracking, cookie identifiers or geo-location tracking, you should not be caught using these methods on EU residents without proper internal processes.
- Nigerian companies that use digital advertising agencies: The GDPR not only captures digital agencies, it also follows the companies they act for. So if, as a Nigerian company, part of your advertising spend goes to digital marketing agencies, you should consider having a chat with your advertising agents about how they handle data belonging to EU residents.
- Nigerian companies that employ expatriates from the EU: The GDPR has special specifications on how companies should handle employees’ data. If you have European employees, or are looking to have any soon, you may need to set up quick GDPR-compliant processes within your company.
Of course, this list is not exhaustive. As a general guide to determine whether your organisation should be considering setting up GDPR compliance, these questions are helpful:
- Do I offer any of my goods and services to EU residents/citizens?
- Do I target EU residents/citizens for the purpose of advertising my goods?
- Is my business positioned in a manner that makes collecting data about EU residents/citizens a normal part of business?
- In the course of its business, is my company in contact with EU residents/citizens on a regular basis?
An answer in the affirmative to any of these questions should make any Nigerian company start considering GDPR compliance. As you may be aware, you are already late.
Enyioma Madubuike is a legal consultant with experience in providing support to companies in Africa, Europe and the Middle East. He leads the team at Lawrathon.com, a legaltech company providing 24/7 support to African technology businesses.