Data Privacy Day is observed annually on January 28th. It is a global day aimed at raising awareness about the importance of data privacy and is also celebrated in the European Union, United States and Canada. The issuance of the Nigeria Data Protection Regulation in 2019 showcased Nigeria’s commitment to Data Protection and Privacy of its citizens. To commemorate the 2021 celebration, Abimbola Adeseyoju, the Managing Director of DataPro Limited, a compliance solutions company in Nigeria, and one of the licensed Data Protection Compliance Organisations speaks with Adedayo Adejobi on Nigeria’s effort to drive the Data Protection compliance regime as well as the fundamentals of Data Protection and Privacy
The Nigeria Data Protection Regulation (NDPR) was issued on 25th January 2019, to drive data protection and privacy compliance. Two years later, what achievements has the regime recorded?
The issuance of the NDPR 2019 saw Nigeria record a significant growth in Data Protection and Privacy compliance.
What is the impact of the NDPR 2019 on organisations in Nigeria?
How has the Covid – 19 pandemic affected data protection?
The Covid -19 pandemic has disrupted the traditional way of doing business. Many organisations have resorted to working remotely, which has posed significant data privacy risks as a lot of personal information is being obtained and processed over less secured networks. As a result, organisations have become more susceptible to data breaches. To mitigate the risk of data breaches, organisations have been challenged to beef up security measures in order to ensure that their digital platforms are highly secured against cyber threats. With the heightening of cyber-security issues, organisations are required to be forward looking and employ creative security measures such as the use of Virtual Private Networks (VPN) and encryption of computers. The prevailing situation which has forced organisations to adopt stringent cyber security measures will subsequently help improve data security standards.
What are the rights of Nigerians under the NDPR?
The NDPR dictates several rights for Data subjects. The rights include: The right of access – Data subjects have the right to access their personal data being processed by a Data Controller or Processor; the right to rectification – Data subjects have the right to request for the correction of inaccurate personal data and to have incomplete personal data updated without delay; the right to erasure – Data subjects have the right to request the erasure of their personal data from a Data Controller and Processor system; the right to restrict processing – Data subjects have the right to request Data Controllers and Processors restrict the processing of their personal data under certain circumstances; the right to data portability – Data subjects have the right to request a transfer of their personal data from one Data Controller or Processor to another; the right to object to processing – Data subjects have the right to object to the processing of their personal data under certain circumstances; the rights in relation to automated decision making and profiling – Data subjects have the right to object to a decision solely based on automated profiling or decision making, which significantly affects them.
It is important that Nigerians are aware that to exercise any of these rights, they must contact the Data Controller or Processor managing their personal data.
What notable steps have been taken by the regulator to drive the NDPR compliance regime?
One of the notable steps taken by NITDA in the quest to drive data protection compliance is the fining of a public institution the sum of N1 million for personal data breach offence, making it the first sanctioned entity since the issuance of the NDPR. This move reinforced the government’s commitment to safeguarding the data of Nigerian citizens. It has also propelled compliance with Data Protection and Privacy among corporate organisations. Additionally, the regulator served 51 enforcement notices on Data Controllers perceived to have breached the provisions of the NDPR 2019. It also served 180 compliance notices on Ministries, Departments and Agencies of the Nigerian government. Likewise, NITDA inaugurated a Data Breach Investigation team in conjunction with the Office of the Inspector General of Police to conduct effective investigation of data breach and misuse.
The NDPR portal was also launched to enable reporting of data breaches. The steps taken so far to enforce Data Protection compliance in Nigeria is commendable and showcases NITDA’s commitment to ensuring that Nigeria continues to improve on its current standing as relating to data protection and privacy.