By Nwakaego Alajemba
The Minister of Communications and Digital Economy, Dr Isa Ali Ibrahim Pantami, has asked the National Information Technology Development Agency (NITDA) to get tougher in its enforcement of the Nigeria Data Protection Regulation (2019).
Private and public bodies including ministries, departments and agencies (MDAs) that breach the NDPR or fail to carry out data auditing as at when due should be penalised, the minister affirmed.
Also, Data Protection Compliance Organisations (DPCOs) found wanting in the delivery of their professional duties should similarly be sanctioned, said Pantami at the formal presentation of the Nigeria Data Protection Regulation (NDPR) Performance Report 2019-2020 in Abuja today.
His words: “In my assessment of the great work done so far, I still see room for more enforcement. NITDA, as the data protection authority, has my full support to ensure entities [that] wantonly breach personal data are brought to book as soon as possible. I am aware of some quick loan service providers who use personal data to defame and threaten their customers, such issues should be looked into in line with the NDPR.
“I also want to state that non-filing of data protection audit is a violation of the law. Enforcement of this provision would be more vigorously pursued going forward.
“This therefore brings me to the issue of Data Protection Compliance Organisations (DPCO). I encourage NITDA to increase regulatory oversight over current DPCOs and carefully consider current pending applications in line with its published criteria and processes.”
There are about 70 licensed DPCOs empowered by law to provide data audit and compliance services. There are increasing concerns that some DCPOs may not be adhering to the requirements for audit compliance.
Nigeria’s principal data protection legislation is the Nigeria Data Protection Regulation 2019 (NDPR). The NDPR was issued by the “NITDA on 25 January 2019 pursuant to Section 32 of the NITDA Act 2007 as subsidiary legislation to the NITDA Act 2007.Jul 6, 2020”
The NDPR defines ‘personal data’ as ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.”
All public and private entities handling personal data of citizens or ‘data subject’ are expected to submit a data protection audit within specific time frame.
The NDPR is designed to ensure Nigeria is not isolated technologically and legally from global practice concerning data protection.
According to Pantami, Nigeria has made much progress in the evolving data protection industry since the NDPR came into effect as the country is regarded as the continent’s shining light on data protection.
More importantly, the minister said the implementation of the NDPR has helped to provide a pathway for the National Digital Economy Policy and Strategy (NDEPS) for a Digital Nigeria.
His words: “It is often said that data is the oil of the digital economy. As such, the integrity of the digital economy relies, to a large extent, on the integrity and protection of data. To this end, the NDPR supports in the development of our digital economy and I must say that the NDPR aligns perfectly with our developmental regulatory pillar under NDEPS.”