Nigeria's President signs Data Protection Bill 2023 into law. What it means for you

·
June 15, 2023
·
4 min read
igeria's President signs Data Protection Bill 2023 into law

Nigeria's President, Bola Ahmed Tinubu has signed the Data Protection Bill 2023 into law. Proposed earlier by ex-President Muhammadu Buhari, the bill provides a legal shield to protect your personal data online and offline in Nigeria.

The bill also sets up the Nigeria Data Protection Commission. A National Commissioner will lead it, controlling how personal data is processed.

Dr Vincent Olatunji, National Commissioner of the Nigeria Data Protection Bureau (NDPB), announced this at a workshop in Abuja, where they were validating the NDPD's strategic plan.

In 2019, the Nigerian Information Technology Development Agency (NITDA), launched the Nigerian Data Protection Regulation. Though the regulation had its merits, it left much to be desired. Expert comments clamoured for the introduction of the data protection bill.

Why is the data protection bill necessary, you may ask?

Imagine a world without walls or fences. A world where every whisper, every secret, every moment is up for grabs. Sounds terrifying, right? That’s what the Internet - Your Google, Facebook, Twitter, and Instagram- would look like in the absence of data protection laws.

Our personal information - from our date of birth to our medical records, from our purchasing habits to our deepest fears and desires - is at the mercy of companies, marketers, and even malicious actors.

There have been various issues of hacks and data breaches in and outside Nigeria, that have affected its citizens.

It's the invisible gold of the digital age, traded and used without our consent or knowledge, at the risk of our security, our identity, and our very essence. Okay, let me stop scaring you. Our Senior Editor, Oluwanifemi, spoke to a hacker about this.

Nigeria's data protection bill (now a law) gives us an opportunity to regain control of our data and provide more privacy as we surf the Internet.

Be the smartest in the room

Join 30,000 subscribers who receive Techpoint Digest, a fun week-daily 5-minute roundup of happenings in African and global tech, directly in your inbox, hours before everyone else.
Digest Subscription

Give it a try, you can unsubscribe anytime. Privacy Policy.

Key highlights of the bill

Protection of Personal Data: The crux of the Bill is the protection of individuals' personal data. It legally mandates organisations and individuals to respect and protect an individual's privacy by securing their personal data.

Establishment of Nigeria Data Protection Commission: The Bill mandates the creation of a Data Protection Commission. This entity is responsible for the enforcement of the rules and regulations set out in the Bill.

Appointment of a National Commissioner: A National Commissioner is to head the Commission, overseeing the protection of personal data and ensuring organizations adhere to the new legal framework.

The difference between both is determined by the amount of data being processed, but the bill doesn't state it. It leaves that decision to the commission.  

Provisions that caught our eye

Data protection bill
What happens to your data when you die?

Here are some interesting provisions from the Nigerian data protection bill 2023

Who can handle Nigerians' data?

Data controller or processor: A company or individual that determines the purpose of collecting data and how that data is processed. There's a data controller of major importance and not of major importance.

They can either be entities that reside in Nigeria, process data within Nigeria or they're not domiciled in Nigeria but processes the data of Nigerians.

Consent

Companies must make sure you give consent before using and processing your data. Silence or inaction will not be taken as consent. Even after obtaining consent, you can still withdraw consent from the company at any time you choose.

Consent must be affirmative, and not through pre-selected means. It must be in writing, orally or through electronic means.

Children do not have the right to give consent, so companies must take steps to verify the age of whoever they want to collect data from.

Your rights as a data subject

The data protection bill 2023 gives you the right to

  1. Demand what type of data is being collected, where it's being stored, and who else will be using that data apart from the company that collected it.
  2. Demand that the company erases or rectifies the data in use at any time.
  3. Object to the use of data for marketing purposes - Remember all those ads you see on Facebook after talking about it with your friends? Yes, that.

Data transfer

Companies can no longer transfer data outside Nigeria unless there's valid legal backing.

That is, the company that is receiving your data outside the country, has a valid data protection law and procedures in place to ensure the safety of your data. The company will also be subject to sanctions under Nigeria's data protection law if there's any violation.

Data Breaches

The bill institutes several provisions for data breaches where the company has to report to its partners and the data protection commission.

When a breach that's likely to harm your rights and freedom happens, the bill mandates companies to notify you immediately. Either directly, or through public media.

Sanctions

Companies or individuals found in any violation could be sanctioned in various ways. Some include:

  1. Giving a part of the profits realised from the violation to a data subject
  2. Paying a fine - of ₦10 million for data controllers of major importance and ₦2 million for data controllers not of major importance.

This is just a sneak peek into Nigeria's data protection bill 2023, and there should be exciting conversations ahead.

Journalist feasting on tech, business, and policies. Looking to chat? Catch up with me, @eruskkii, on Twitter or send a mail to emmanuel@techpoint.africa
Journalist feasting on tech, business, and policies. Looking to chat? Catch up with me, @eruskkii, on Twitter or send a mail to emmanuel@techpoint.africa
Subscribe To Techpoint Digest
Join thousands of subscribers to receive our fun week-daily 5-minute roundup of happenings in African and global tech, directly in your inbox, hours before everyone else.
This is A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day! 
Digest Subscription

Give it a try, you can unsubscribe anytime. Privacy Policy.

Journalist feasting on tech, business, and policies. Looking to chat? Catch up with me, @eruskkii, on Twitter or send a mail to emmanuel@techpoint.africa

Other Stories

43b, Emina Cres, Allen, Ikeja.

 Techpremier Media Limited. All rights reserved
magnifier