Nigeria’s commitment to data privacy has received a major boost following her recognition by the global community, The Nation has learnt.
Confirming this development in an interview with our correspondent, Ademikun Adeseyoju, Team Lead, Data Protection & Privacy Compliance Department of DataPro Limited; a leading Compliance Solutions Company in Nigeria, and one of the licensed Data Protection Compliance Organisations (DPCO) shared useful insights on the significance and importance of the recognition.
Adeseyoju who spoke on the back of the World Data Privacy Day, which is observed annually and aimed at raising awareness about the importance of data privacy, said Data Privacy Day is also celebrated in the European Union, United States, Canada and Israel.
Specifically, she said, “The issuance of the Nigeria Data Protection Regulation (NDPR) in 2019 showcased Nigeria’s commitment to Data Protection and Privacy of its citizens.
“With the growing rate of data thefts, breaches and cybercrime cases, it is expedient that all stakeholders join hands in ensuring that adequate measures are put in place for the protection of personal data and adhered to. The global day therefore seeks to reinforce the importance of privacy by sensitising individuals and disseminating privacy practices and principles. In essence, the goal is to provoke personal ownership of privacy responsibilities in order to create a culture of privacy.”
The Nigeria Data Protection Regulation (NDPR) 2019 was issued in January 2019 by the National Information Technology Development Agency (NITDA), the regulatory agency charged with driving Data Protection compliance in Nigeria. The issuance of the NDPR 2019 provided an array of obligations for Data Controller and Processors in Nigeria. Data Controllers and Processors are obligated to appoint a Data Protection Officer for the purpose of ensuring company-wide adherence to the regulation.
Additionally, they are required to develop a Data Protection and Privacy policy which should set the tone of Data Protection and Privacy practices in the organisation; conduct training and awareness on Data Protection and Privacy for all staff; conduct Data Protection Impact Assessment (DPIA); and implement adequate security measures to protect data. Similarly, Data Controllers and Processors who process the personal data of more than 2000 data subjects in a period of 12 months are required to conduct annual Data Protection Audit and file the report with NITDA. This is to showcase their level of compliance with the provisions of the NDPR.
Going down memory lane, she recalled that beween 2020 and 2021, NITDA received audit fillings from 1230 entities. “This is a 94% growth from 2019/2020 filings. The list of all Audit-Compliant Organisations is available on the Agency’s website,” she stressed.
Besides, she said in its commitment to the creation of job opportunities, 42 additional entities were granted Data Protection Compliance Organisation (DPCO) license in 2021, bringing the total number of DPCOs to 102, of which DataPro is one.
The Agency also has not reneged on the performance of its oversight function. This is evident in its effort to hold entities accountable. In particular, a private entity was fined the sum of N10,000,000.00 naira for privacy invasion. This is the highest fine meted out by the agency. All of these point to the fact that NITDA is steadfast in its quest to ensuring that Nigeria continues to improve on its standing as relating to data protection and privacy. It also touches on the establishment of a Data Protection Commission. This new commission will be charged with the responsibility of protection of personal data, rights of data subjects, regulation of the processing of personal data and for related matters. Notably, countries such as Zambia, Rwanda, China, Russia, Saudi Arabia, Turkey, Kuwait, the UAE, Uzbekistan and Kazakhstan enacted/amended laws on data protection in 2021. This trend is expected to continue in the coming years and will be a major decisive factor in the relationship between countries. Therefore, it is impressive that Nigeria has joined the bandwagon. Another note-worthy trend is privacy tech taking centre stage. Due to pressure being mounted on business models by regulators, consumers and other stakeholders, companies will resort to technology to help them achieve their business goals. 2021 saw the rise of privacy-enhancing technologies, it is predicted that they will take centre stage in 2022. However, companies must ensure that they understand the solutions they are considering as well as their implications before making a decision.
Finally, Global Privacy Controls is expected to gain traction. Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their 2022 privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification. It is currently required under the California Consumer Protection Act (CCPA) and General Data Protection Regulation (GDPR) that Data Subjects should be able to exercise their legal privacy rights in one step via GPC.