By Emma Okonji
Following the implementation of the EU General Data Protection Regulation (GDPR) law coupled with the Nigeria Data Protection Regulation policy put together by the National Information Technology Development Agency (NITDA), experts at a recent webinar have stressed the need for Nigerian businesses to implement the NITDA’s Data Protection Regulation policy.
They highlighted the importance of data protection across all businesses.
The conference which was organised by the Association of Telecoms Companies of Nigeria (ATCON), in conjunction with NetHost Nigeria Limited, sought to create awareness on data protection compliance and to encourage businesses to implement the Nigeria Data Protection Regulation.
President of ATCON, Mr. Olusola Teniola, in his opening speech, said: “As we all know the regulation aims at protecting and guarantying the safety of all users of web from the unscrupulous people who use their knowledge to defraud and cheat people who are genuinely transacting business over different websites, both public and private.”
Teniola emphasised that data was now the new gold and as such, must be treated accordingly.
He commended the Director General/CEO of NITDA, Mr. Inuwa Kashifu Abdullahi, for putting the Data Protection Compliance Organisation document together for the benefits of Nigerians who have moved their physical transactions online.
The Chief Executive Officer, NetHost, Dr. Abiola Abimbola, in his presentation, gave an overview of the Nigerian Data Protection Regulation Act 2019, the need for compliance and lawful processing of data.
According to him, “The Nigerian Data Protection Regulation Act is meant to protect data transactions and personal data manipulation. Most countries of the world have the Data Protection Regulation Act and Laws and this will ensure that there are authorities in those countries that are responsible for safeguarding personal information of people and organisation, which made it a global best practice.”
He said sensitive data could be regarded as personal data but that they have been classified as sensitive data because they pose greater risk if exposed in terms of privacy or security exposures.
Abimbola explained that any organisation that acquired the personal data of a subject, determines what to do with it and how the data is processed through the backend, while taking instructions from the data controller and processes the data on behalf of the data subject. He said there would always be a mechanism in place where the subject could make request from the data controller on how his or her data is being used and processed.
He gave insight into the duties of data protection compliance organisations that have been licensed by NITDA to perform data compliance and implementation functions, whom he regarded as agents of NITDA who are performing the compliance and implementation of data usage and protection.
He said third party data processors like telecoms operators who keep subscribers data and MainOne and Rack Centre who keep data of companies, could be described as data controllers.
He added that data controllers could only process personal data, through certain conditions such as consent from the data subject; legal obligations like registration of voters’ card or SIM card registration; vital interest to save lives; Public interest or based on Contract.
Abimbola also spoke on the need for data security in order to check against threats, adding that those involved in telemarketing who make unsolicited calls to subscribers, may be doing so unlawfully because the subscriber information may have been obtained unlawfully without the consent of the data subject.