Nigeria Data Protection Regulation – A Step Towards Data Protection in Nigeria
Data privacy has become a huge concern for the Nigerians as more people are becoming aware of the need for the protection of their data. Although, most people are still ignorant.
Table of Contents
What is Data Privacy
Data privacy deals with proper handling of data. It exists whenever Personally Identifiable Information (PII) or any sensitive information is collected, stored and used.
Privacy of personal information has always been a concern for the Nigeria citizens as it is seen as a fundamental right. This right is constantly challenged with the constant evolution of technology.As more personal information are being stored and transmitted electronically,data privacy becomes a challenge.
Personal Identifiable Information(PII) is any data that can potentially identify a specific individual.Example your full name,Date of birth,address,license number, BVN ,email addresses.
With the advent of social media, PII are given out without duress which is been constantly warned against.
Another Challenge is the case of organization/agencies transferring our data to third parties without the users Consent.
What is Data Protection
Data protection is the safeguarding of important information from corruption, compromise or loss.With the digitization of data,data controllers owes users the responsibility of protecting their data.
Considering the evolution of cybercrime and emerging data protection laws, it is quite clear that every organization should need to protect their data and follow laws and regulations to safeguard them.
In 2018,the European Union(EU) released the General data Protection Rule (GDPR).The GDPR regulates the processing of data by an individual,a company or an organisation relating to individuals in the EU.
It is in this regards that the National information Technology Development Agency(NITDA) released the Nigeria Data Protection Regulation(NDPR), 2019.
Concerned Nigerians have waited for this regulation as a lot of organizations misuse users data.
Now it is here!
There is still a big QUESTION,
Does having a data protection regulation makes Nigeria a data protection compliant organization?
Is Nigeria ready to implement the NDPR?
Does NITDA have the capability to enforce the NDPR?
Factors to Ensure the Success of the Nigeria Data Protection Regulation
There are a lot of factors that need to be put in place for the NDPR to be a success.
The people are one of the key players in compliance.If our data is going to be protected and our privacy is going to be put into consideration,it is the duty of every individual to report instances where they think their privacy have been violated or their data has been compromised . Individuals have the right to make complaints on data breaches but how do they do this when they do not know about the NDPR.
When the GDPR was released,it was talked about on all media outlets and this gave a lot of individuals an opportunity to understand what the regulation is about.We need to do the same for the NDPR,We need to create awareness on all media outlets so as to make the common man understand what NITDA is trying to achieve an the role we all need to play.
Data Protection Officers (DPOs)
Data protection officers ensure that in an independent manner,an organization applies laws protecting individual‘s personal data.
Nigeria need qualified data protection officers who have expertise in data protection law and practices and a complete understanding of IT infrastructure, technology, and technical and organizational structure. They will ensure that this regulations are strictly adhered to.
A larger number of Nigerian organizations do not have data protection officers (I’m not sure if any has tho).
Does Nigeria have DPOs ready for the job?
Are organizations ready to employ DPOs ?
This are questions and more that needs to answer.
Data Protection Compliance Organizations (DPCOs)
This are “entity that will be duly licensed by NITDA for the purpose of training,auditing, consulting and rendering services and products for the purpose of compliance with this Regulation or any
foreign Data Protection law or regulation having effect in Nigeria”.
Nigeria Currently do not have DPCOs (None that I know of tho) and for the effective implementation of the data regulation,the DPCOs are needed.
How long will it take for Nigeria to have standard DPCOs and be able to implement the NDPR?
Will NITDA use their licensing power to license just any organization that comes up with the capability?
What are the baseline for licensing organization as DPCO?
This are the questions we need to ask and consciously look forward to answers from NITDA.
Database security is the use of various information security controls to protect database.Security measures must be put in place to protect database from common security threats. NITDA must ensure that all organization that handles user data have a secured database. Hence, regular auditing should be carried out by the DPCOs with the assistance of DPO.
Cyber defense is a mechanism that focuses on preventing, detecting and providing timely response to attack or threats so that no infrastructure of information is tampered.Organization needs to ensure that they have good cyber defense in other to protect user data in their organization as “hackers are not sleeping”.
Data Breach Notification
Data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
Okay! This was my major concern after reading the NDPR. How is there no section that enforces all organizations to report and notify it’s users when their data is compromised?
If there is going to be protection of data, there has to be a data breach notification. This will inform users on what next step to take once an organization detects a compromise on it’s organization that involves user data.
The NDPR is a good step into data protection of Nigeria citizens but it will take a long time for NITDA to actively enforce this regulations as there are a lot of constraints that needs to be looked into.