Nigeria data protection, March 15 compliance deadline: What you should know

by | Mar 11, 2020

In the age of digital, one of the most important regulatory crossroads is that of data privacy for online users.

Getting data privacy regulation right creates trust in online digital infrastructure which relies heavily on the collection of data for key decision making.

It is why the Nigerian Information Technology Development Agency (NITDA) should be applauded for steps to regulate the data collection and processing activities of Nigerian companies through the Nigerian Data Protection Regulations 2019 (NDPR).

Yet, as the March 15 2020 deadline stipulated for the submission of data protection audits approaches, many companies affected by the regulation still have not heard of it.

Advertisement

After pushing forward this deadline twice in 2019, NITDA looks determined this time to impose the relevant sanctions for non-compliance which range from penalties of up to 2% of the annual gross revenue of a non-compliant company, in addition to other penalties provided under the NDPR.

If you are like many companies just hearing about this regulation, please read our earlier article on the topic.

As you rush to comply, these are other things you should know

What is the relationship your organisation has with personal data?

 

computer data display documents 577210

The NDPR covers operations performed on personal data like collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, and so on.

You must identify the type of personal data your organisation collects. This will provide clarity on the most effective means to comply with the regulation.

Find a licensed Data Protection Compliance Officer (DPCO) to conduct an audit

NITDA does not accept audit reports by non-licensed auditors. Every audit report required under the regulation must be accompanied by a verification statement by a licensed DPCO.

Advertisement

Your financial auditor is also not allowed to audit your data protection activities even if it is a licensed DPCO due to conflict of interests.

In assessing your organisation’s data processing activities for the purpose of compliance…

… these are some of the questions that must be answered:

  • How is data collected?
  • Which department receives such data?
  • Why does the organisation process such data?
  • What are the security measures taken by the organisation to prevent data breach?

Is your organisation considered high priority by NITDA?

Because of the nature of certain organisations and their access to sensitive consumer data, NITDA considers them high priority as it pushes to drive compliance.

These organisations include: banks, telecommunication companies, Pension Fund Custodians and Pension Fund Administrators, insurance companies, fintechs, notable hospitals, and stock brokers.

If your organisation falls within these categories, it is important to start compliance processes immediately.

Train your employees

Data Protection compliance requires the effort of all the parts within your organisation because data collected is often used by different departments.

It is important that emoloyees are aware of the risks that come with handling people’s data and how to prevent unnecessary regulatory sanctions.

As March 15 approaches, these steps will keep organisations protected from drastic regulatory sanctions from NITDA for their data processing activities.

Enyioma Madubuike is a legal consultant with experience in providing support to companies in Africa, Europe and the Middle East. He leads the team at Lawrathon.com, a legaltech company providing 24/7 support to African technology businesses.

Looking to transition into tech? Learn how to code in 1 year with AltSchool Africa. Earn a diploma in software engineering at $0. Apply Here.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

An Indian masterclass?

An Indian masterclass?

With Parag Agrawal appointment as Twitter’s CEO is the latest in a growing trend of Indian-American CEOs. Today on #TechpointDigest, @chigo_nwokoma discusses lessons from India.

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Crypto Explorer

A monthly series featuring in-depth analysis on the cryptocurrency sector in Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap