Deadline looms for organisations to comply with data privacy rules in Nigeria
The deadline looms for organisations to comply with Nigeria's mandatory Data Privacy Regulations. Nigeria's National Information Technology Development Agency (NITDA) set out the 25th of October 2020 as the deadline for organisations to comply with the regulations.
The Data Privacy Regulations fall under Nigeria's Data Protection Regulation came into effect on the 25th of January 2019. Organisations were given a grace period of up to the 25th of July 2019 to comply, and have since been extended to October 2020.
The regulatory framework aims to safeguard the rights of persons to privacy, fostering safe conduct for the transactions involving the exchange of personal data and preventing manipulation of personal data.
In September this year NITDA also announced it has suspended the collection of applications for Data Protection Compliance Organisation (DPCO) licenses until further notice.
These DPCOs are licensed for the purpose of training, auditing, consulting and rendering services and products for the purpose of compliance with this data privacy regulation or any foreign data protection law having effect in Nigeria.
Jobs and income
Speaking during NITDA’s first Annual Nigeria Data Protection Regulation (NDPR) Performance Report 2019-2020, Communications Minister Isa Ali Ibrahim Pantami said NDPR has created more than 2 000 jobs for Nigerians.
“I have reviewed the report and I am proud to see that we have through the NDPR, 2 686 job roles, we created massive opportunities for young Nigerians to be recruited as Data Protection Officers, Data Protection Compliance Organisations, Compliance officers and so on,” he said.
“The DPCOs have also earned over N2 billion in the first year of implementation. This is the intent of our digital economy policy- empowering Nigerians in a way that ensures global competitiveness.”
He said NDPR is part of the implementation of National Digital Economy Policy and Strategy (NDEPS) which has eight pillars that include Developmental Regulation and Digital Literacy and Skills among others.
“The NDPR falls under the first pillar - Developmental Regulation. The objective of this pillar is to ensure an effective regulatory oversight and securing of the information, communication, technology and digital economy space to engender accelerated and inclusive development,” Pantami said.
Speaking during the same event, NITDA director general Mallam Kashifu Inuwa Abdullahi said the NDPR being a flagship of the NDEPS, is expected to be used as a learning curve for Nigeria and Africa on how to effectively implement global laws with due consideration of local peculiarities and opportunities.
In the year under review, NITDA served 51 enforcement notices on data controllers who are perceived to have breached the provisions of the NDPR.
About 180 compliance notices were served on ministries, departments and agencies of government, one of which is the Lagos Internal Revenue Service (LIRS) breach.
The LIRS was found to have exposed the personal data of some taxpayers in the process of harmonising historical tax data and NITDA initiated an investigation on LIRS and its major data processor. LIRS was fined N1,000,000.00 (over $2,500).
NITDA has commenced investigation into the activities and operations of seven data controllers as part of its enforcement drive, says NITDA