Techpoint Africa is now NDPR compliant; here’s how we beat the June 30 deadline

by | Jul 7, 2020

In line with the provisions of Nigeria’s National Information Technology Development Agency (NITDA), Techpoint Africa has fulfilled compliance requirements for the Nigeria Data Protection Regulation (NDPR).

The NDPR, which was released on January 25, 2019, provides a broad framework for safeguarding the rights of individuals to data privacy.

Individuals and businesses alike are gradually moving online. But surfing the web without regards to data privacy is like going onto a battlefield without any armour.

Though most people do not seem to care who has access to their data, in this article, we peeked into the mind of a hacker to understand why data privacy should be taken seriously.

Advertisement

In January 2019, NITDA set a three-month deadline for NDPR compliance. However, one month after the deadline, several startups had still not met the requirements.

The ICT development agency has since made other deadlines for companies to comply, with June 30, 2020, being the most recent.

Techpoint Africa has gone through the regulatory compliance check and we discovered that the NDPR compliance is a continuous process.

In a chat with Enyioma Madubuike, co-founder of Lawrathon; and Muyiwa Matuluko, our co-founder, they reveal how we beat the June 30 deadline.

Why is being NDPR compliant important for Techpoint Africa?

Based on this earlier article, any company that processes personal data is recognised as a data controller. When NITDA released the NDPR, some organisations might have wondered if it applied to them.

“Even before the NDPR was instituted, Techpoint Africa has always taken data privacy seriously,” says Muyiwa Matuluko, co-founder and editor-in-chief of Techpoint Africa.

This is linked to the fact that Techpoint Africa handles the data of past event attendees, those who have purchased our reports, data of team members, and subscribers, etc.

Who was involved in the check?

It involved a licensed Data Protection Compliance Organisation (DPCO) sanctioned by NITDA to submit the final audits. In our case, it was TechHive Advisory. Lawrathon partnered with the DPCO to make this happen.

Advertisement

How much did it cost?

Submitting to NITDA costs ₦50,000 ($129.79). In addition to that, the DPCO charges a fee, that you both agree on, to interface with NITDA on your behalf.

What were the steps involved?

The compliance check involved a thorough audit of Techpoint Africa’s data flow processes. Madubuike reveals that the NDPR compliance check involved quite a number of processes.

“Lawrathon started with an audit of the Company’s data flow processes. This means that we sought to understand how the Company collects, uses, shares, transfers, and exchanges data both within and outside the Organisation. This involved interviewing every department to get a view of their data practices,” he explains.

“The preliminary audit revealed gaps within the Company’s data handling processes which led to the development of new policies, creation of new processes, and knowledge development schedules to keep key employees informed of best practices.”

What kind of data was analysed?

The compliance check involved analysing different types of personal data, which warranted different kinds of safeguards and policies.

“We analysed personal identifiable information collected and used by the Organisation,” says Madubuike.

Personally identifiable information (PII) is any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records.

Also falling under PII is any other information that is linked or linkable to an individual, such as medical, educational, financial, or employment records.

Examples of PII include, but are not limited to:

  • Name: full name, maiden name, mother’s maiden name, or an alias.
  • Personal address information: street address or email address.
  • Personal telephone numbers
  • Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting.
  • Biometric data: retina scans, voice signatures, or facial geometry.
  • Information identifying personally owned property: VIN number or title number.
  • Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person.

How long did the NDPR compliance check take?

The compliance check process took about two weeks.

“We started in the middle of June and submitted the final audit to NITDA by the 26th,” Madubuike reveals.

Did it bring any change in privacy policies?

Lawrathon updated Techpoint Africa’s privacy policies, data protection, and retention policies.

“We are also looking to incorporate best practice in data handling within the organisation through constant training and internal self-reporting procedures,” Madubuike says.

What safeguards were put in place?

Proper data breach detection process and the appointment of a data protection officer (DPO).

As a consequence of the audit, Techpoint Africa is looking to set up better systems for personal data collection, use, and transfer. Also, the appointment of a data protection officer within the Organisation will ensure proper processes for data breach detection and notification are in place.

According to Madubuike, the DPO will also lias with the DPCO on behalf of the company.

“We did a full data flow mapping of Techpoint Africa’s data collection, processing, storage, and transfer flow. We prepared a full audit report for the team. We also prepared a new privacy policy and data protection/retention policy as we set up internal processes to ensure data privacy best practice,” Madubuike explains.

“We are definitely more conscious of how we particularly handle offline data now. Thankfully, we have a safe but there are still a few processes and systems we need to put in place,” Matuluko explains.

Is the compliance process over?

No, it is an ongoing process.

While Techpoint Africa has met the requirements to audit its handling of personal data in line with NITDA regulations, compliance is an ongoing process. Yearly data privacy audits have become a requirement for Nigerian companies and Techpoint Africa, like many other similar companies, must continue to tune its systems to attain best data privacy practices.

Featured Image Credit: wuestenigel Flickr via Compfight cc

Senior Reporter at | Website

Writer and Narrator.  Tech, business and policy analysis is my daily bread.

Looking to chat? Catch up with me, @eruskkii, on Twitter or send a mail to emmanuel@techpoint.africa


Techpoint Build 2021 is here! Be part of the largest gathering of innovators, startup founders, thinkers, programmers, policymakers, and investors in West Africa. Register free now.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

5 ways to support Techpoint Africa

5 ways to support Techpoint Africa

If you value the work we do at Techpoint Africa and would like to help ensure that the core of our journalism remains free and independent, please consider these 5 ways to support us

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Crypto Explorer

A monthly series featuring in-depth analysis on the cryptocurrency sector in Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap