Commission Tasks Data Controllers And Processors on Compliance, Registration

 

The Nigeria Data Protection Commission, NDPC, has urged all banks, telecom operators, educational institutions, government parastatals, and other organisations that collect and process data in Nigeria to register with the Commission between now and December 2023, for data protection compliance monitoring.

The National Commissioner of the NDPC, Dr. Vincent Olatunji stated this at a sensitisation workshop on Data Privacy & Protection, held in Lagos, South-West Nigeria.

The Head, Media Unit, NDPC, Mr. Itunu Dosekun said this is in line with the provisions of the Act which mandates all data controllers and data processors to get registered within 6 months of the enactment of the law.

Olatuji who is also the NDPC National Commissioner that “all the registered organizations will also be required to file their annual audit report with the commission between January and March every year.”

While noting that the Commission is also increasing awareness to enlighten Nigerians on their rights when it comes to their data, he said; “the registration of all organizations handling data is to ensure that the rights are preserved by all data processors and controllers in Nigeria.”

Registration and audit return
Speaking on the timeline for the registration of all data controllers and processors, which include all organizations that deal with people’s personal data such as banks, telecom operators, insurance companies, and schools, among others, Olatuji said;

“What we have in the law is that all data controllers and processors in Nigeria should register with the data protection authority. What the law says is that we should give them six months to acquaint themselves with the provisions of the law.”

He explained that with over 500,000
data controllers and processors in Nigeria, it’s expected that they all comply with the law.

“From now till Dec 31st, they have to register with the commission while they are expected to file their data compliance audit return between 1st of January to 31st, March, every year,” he said

According to Olatuji, NDPC is saddled with the responsibility of creating awareness, guarding the rights of individuals to control and protect their personal information in the interconnected world, conduct investigations and meet out penalties for violators.

He affirmed that aside from increasing foreign direct investment into Nigeria, the DPA would boost the confidence of investors knowing full well that there are workable legal frameworks on the ground to protect them and their businesses.

“Because a lot of country now, when you don’t have your data protection law and the Data Protection Supervisor Authority, they don’t want to do business with you, with this law you will be able to cross that stage that the average investors coming to Nigerian will know that we have a law, and an independent DPA (Data Protection Authority,” Olatuji explained.

While highlighting the rights of data subjects, he said every Nigerian is a data subject as they all have data with either the government or private organizations.

“Data subjects have the right to give their consent or not when their data is being collected; the right of rectification where data is not correct, other rights are portability, erasure, refusal of processing, etc. On the part of data controllers and data processors.

“They owe us the duty of care and accountability to ensure that the data with them is well protected. What kind of measures are they putting in place in terms of technological measures and organization measures to ensure that the data with them is secure,” he explained.

The NDPC boss stated that one of the aims of the data protection law is to create confidence and trust in the economy and to attract foreign direct investments in Nigeria.

A Senior Advocate of Nigeria and Managing Partner Alliance Law Firm, Uche Obi said;

‘‘With a workable legal framework on data protection and privacy, even children who cannot ordinarily give legitimate consent are protected. Before you can obtain their data, you need the consent of parents or caregivers.”

He added that the issue of the breach is serious and can lead to criminal consequences, where the defaulters could be prosecuted, arraigned, and even sent to jail.

The Head of Legal Enforcement & Regulations Department at NDPC, Babatunde Bamigboye said this would curb the issues of identity theft in Nigeria.

“People won’t be able to steal your identity; your data, for instance, is like a key in the digital space. You want to get your password, you want to get your driver’s license, you want to communicate, you want to go online, and your identity is your key, so if this identity is not protected, how are you going to secure your digital assets,” Bamigboye added.

President Bola Tinubu had signed the country’s Data Protection Bill into law on June 12 this year.

This transformed the existing National Data Protection Bureau headed by Olatunji into a Commission that would be driving the implementation of the law.

 

 

 

Mercy Chukwudiebere