Experts Harp on Compliance with NITDA Data Protection Regulation


By Emma Okonji

PricewaterhouseCoopers (PwC), an accounting management firm has stressed the need for compliance with the data protection regulation currently being implemented by the National Information Technology Development Agency (NITDA).

NITDA is the government agency responsible for the implementation and monitoring of the country’s Information Technology (IT) policy including regulating electronic data and use and exchange of information.

Known as NITDA Data Protection Regulation (NDPR), which was modelled after the European Union Data Protection Law, the regulation seeks to protect data collection, processing and administration in order to foster safe conduct for transactions involving the exchange of personal data, among other objectives.

PwC called for such compliance during the 2019 Capability Enhancement Workshop, which it organised for journalists in Lagos recently.

Manager, Privacy, Data Protection and Cybersecurity at PWC, Mr. Nurudeen Odeshina, said although Nigeria has a Data Protection Bill that was before the National Assembly and when it is passed into law by the President, would supersede the NITDA’s Data Protection Regulation (NDPR).
He, however, stressed the need for compliance with the NDPR, pending when the bill on data protection that is before the National Assembly is passed.

“We are aware of the Data Protection Bill before the National Assembly but the NITDA Data Regulation is what we have now. That bill has not been signed, which means it is not yet law, and we have a regulation that actually binds us together in our respective data protection and privacy.
“Until we have a law on data protection, Nigerians should endeavour to comply with the NITDA data protection regulation,” Odeshina said.

Reacting to stakeholders’ views that Nigeria should rather wait to implement data law when passed, rather than implementing NITDA’s Data Regulation that period is not a law, Odeshina said: “The EU General Data Protection Regulation (GDPR), which we modelled after, is about 30 to 40 years ahead of us and the EU GDPR itself is said to be most lobbied regulation ever in EU law, because there are various players with big data companies like Google, Facebook, that have impact on the law.
“Before it was finally passed into law, it went into several readings in each of the member states and it took them four to five years before it was actually passed into law. So for Nigeria to have data regulation, is a starting point, and i think we will get better if we comply with the NITDA’s Data Protection Regulation.”

NITDA had in January this year, issued the Nigeria Data Protection Regulation, which seeks to safeguard the rights of natural persons in Nigeria with respect to the processing of their personal data.

NITDA subsequently issued the NDPR Draft Implementation Framework in July 2019, with the objectives to safeguard the rights of natural persons to data privacy; foster safe conduct for transactions involving the exchange of Personal Data; prevent manipulation of Personal Data; and to ensure that Nigerian businesses remain competitive in international trade through the safe-guards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practice.

The regulation defines, “Personal Data” to mean any information relating to an identified or identifiable natural person, which could include one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This according to NITDA, would include a name, an identification number, address, a photograph, an email address, bank details, posts on social networking websites, medical information, IP address, among others.

NITDA insisted that the NDPR would apply to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.