1 month after NITDA deadline, Nigerian startups appear not fully complaint with online data privacy policy

by | May 17, 2019

Following a global wake up call around data privacy, regulatory agencies around the world have started implementing various data protective measures.

The National Information Technology Development Agency (NITDA), Nigeria’s own ICT policy implementing arm of the Federal Ministry of Communication, has unsurprisingly joined in the data privacy fight.

In January 2019, it released the Nigeria Data Protection Regulation (NDPR) draft to provide a framework for safeguarding the rights of persons to data privacy.

NDPR refers to data in this context as personal information of users collected by a controller (company) over electronic communication transactions.


Suggested Read: NITDA is on a mission to safeguard the data privacy rights of Nigerians

Provided users register on the website or app to use the services of a company, the controller is able to have access to this information. NDPR stipulations are however against indiscriminate use of people’s data without consent or authorisation.

As a matter of fact, NITDA’s position is that personal data privacy is a sacrosanct right that must be respected by data controllers. The agency wants to eliminate the abuse of privacy rights in the Nigerian digital space.

Keeping up with compliance

After the NDPR release on 25th of January, 2019, the agency set a three-month timeline for organisations to make available their data protection policies to the public. That deadline was due on April 25th, 2019.

In our quest to find out from businesses whether they are compliant with the NITDA policy, a lot passed on the opportunity to offer comment on the matter. But it is unlikely the bill hasn’t caught a few’s notice.

A chat with Dr. Obinna*, founder of a health startup, on the 23rd of April, two days before the due deadline date of NDPR, showed that startups might not yet have been fully compliant with the NITDA’s regulation.

“I just forwarded it to my CTO to put steps in place to ensure we are compliant,” responded the CEO when asked about his awareness of the NITDA privacy right.

Like him, Hassan*, CTO of one of the many online loan financing platforms said, “We are fully aware of the regulations and have been in talks with our lawyer to see that we are compliant.”


He did however note that there are certain requirements of NDPR that are in dissonance with their business, hence the reason they are yet to be fully compliant with the regulation.

Apparently, due to the nature of their services, they are required to work with a number of third parties (including credit reference agencies and mobile network providers). As such, they sometimes reserve the right to share information with them.

Kemi*, founder of another local internet startup that deals with huge customer data, admits that they haven’t updated their data and privacy policy in over 2 years. She told Techpoint that their legal team is currently reviewing the existing policy to ensure compliance with the new regulation.

Considering these responses, a burning question is whether NDPR was drafted with respect to the needs of individual businesses or if it’s a one-size fits all policy.

The intentions of NITDA

In its defence, NITDA claims that through a series of media engagements, it exposed drafts of NDPR a year prior to its official release.

“The intent was to make the law organic, for easier compliance,” an official statement to Techpoint from NITDA reads.

The agency in its statement further claims that NDPR, among all NITDA regulations, received the most contributions and comments by stakeholders, whom it has enlightened at various levels about its intent.

Although it’s hard to verify this, it is apparent notwithstanding that the agency understands the inherent risks with abuse of user data.

Especially in this age and time where technology is spreading the illegal use and monetisation of user data, data privacy rights cannot be overemphasised.

Even Dr Obinna* agrees, as he thinks that NDPR is surely in line with keeping the trend worldwide.

“It is fine especially as we also have clients in Europe who have made sure we are compliant with the Global Data Protection Regulation (GDPR).”

But now that the NITDA deadline is passed, will it start imposing sanctions or simply extend the deadline?

The agency is saying that it is more keen on enforcing compliance, as opposed to sanction. However, it has already identified some perennial defaulters whom its proverbial axe might soon fall on should they continue to disregard warnings to improve on their privacy policy.

*Real names have been changed at request of interviewees.

Ifeanyi Ndiomewese
Ifeanyi Ndiomewese

Ifeanyi is a desk reporter-turned administrator. Outside of work, I love to read and travel.

Are you in tech and you are looking at getting a foreign remote job or you want to move abroad? Fill this form and you will get the BEST resources to help you get that high paying remote job as well as japa easily! WAGMI!

Notify of
Inline Feedbacks
View all comments

Recent News

Kenya’s digital products for PwDs

Kenya’s digital products for PwDs

On #TechpointDigest, Victoria Fakiya (@latoria_ria) discusses what Jumia’s partnership with CGAP could mean, and Kenya’s digital products for people with disabilities.

Reclaiming stolen African artefacts

Reclaiming stolen African artefacts

On #TechpointDigest, Victoria Fakiya (@latoria_ria) discusses how Traction wants to stop fake alerts, Canza Finance’s journey, Esaal’s $1.7m seed round, and JABU’s $15m series A.

[PODCAST] Relooting African art with NFTs

[PODCAST] Relooting African art with NFTs

What do you think about an NFT project that wants to reclaim Africa’s lost artefacts? Well, the editorial team had some interesting thoughts, and you can listen to this and other stories on today’s episode of #TechpointAfricaPodcast.

$2 million to drive learning via WhatsApp 

$2 million to drive learning via WhatsApp 

On #TechpointDigest, we discuss how major players in the African mobility space can change the mobility narrative, FoondaMate’s $2 million funding, Twitter Create, and AMP’s $5.6 million seed round.

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Blockchain Explorer

Analysis oninnovation, regulations, and trends inthe blockchain sector, as it concerns Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap