Data Protection Services Limited (DSPL) has held the kickoff meeting for the implementation of Nigeria Data Protection Regulation (NDPR) for Oyo state government.
The meeting held this Monday in Ibadan even as the National Information Technology Development Agency (NITDA), also same day in Abuja, unveiled series of week-long events to mark the National Data Privacy Week.
Activities for the National Data Privacy Week are expected to peak on Thursday 28, the International Privacy Day – celebrated all over the world to raise awareness on data security and privacy which by provisions of the NDPR, impose specific legal compliance requirements on private and public entities in relations to handling of citizens’ personal data.
The NDPR implementation kickoff meeting is designed to be a preparatory meeting for all in stakeholders drawn from the eight ministries, departments and agencies (MDAs) participating in the first phase of the scheme.
The MDAs include Ministry of Finance, Ministry Justice, Ministry of Agriculture, Natural Resources and Rural Development, Board of Internal Revenue, Ministry of Health, Civil Service Commission, and Bureau of Public Procurement.
“Governments are the biggest processors of personal data of Nigerians. The tendencies for breaches or abuses are highest among MDAs whether at state or federal level. Preparing government officials for global best practice in data privacy and protection is critical to positioning the state for growth or ability to access global cooperation and international financing as the world increasingly tilts to digital economy” said Managing Director of DSPL, Mr. Tunde Balogun.
“Our unique NDPR implementation life cycle consists of three phases – Prepare, Operate and Maintain – with each incorporating a number of supporting activities. The objective defined for each phase is attained once all of the activities for that phase have been successfully executed. The ultimate goal of our methodology is sustaining and evidencing compliance with the NDPR,” he added during the pre-implementation meeting inside the Management Information Centre (MIC) within the governor’s office in Ibadan.
DSPL is one of the data protection compliance organizations (DPCOs) licensed by the NITDA and has built extensive experience in provisioning remote and on-site trainings on data protection compliance.
Oyo sets the pace for state-wide NDPR implementation
Oyo State will be the first state in Nigeria initiating a state-wide NDPR implementation across several MDAs as DSPL begins work expected to benefit no less than 40% of the state’s over 115,000 civil servants.
They will undergo series of data protection, privacy trainings – all part of the deliverables by DSPL. Other deliverables include awareness creation for civil servants on data privacy policies for MDAs; collection of data, disposal of data; and audit of the state’s MDAs to assess their level of data protection readiness.
Oyo is the pacesetter state, and our governor believes that information technology including programmes like this could further help his agenda to rapidly develop the state and the people,” said Permanent Secretary (General Administration), Mrs. Adejoke O. Eyitayo during a short courtesy visit by the DSPL team to her office after the NDPR pre-implementation meeting. In the DSPL team is Mr. Olusegun Oruame.
Earlier, the Special Assistant on ICT & e-Governance for Oyo State Government, Mr. Adebayo Akande, had tasked the DSPL on the need to have a comprehensive approach to implementing the deliverables of the NDPR project in Oyo state. According to him, the Oyo state remains committed to improving the digital skill sets of all civil servants regarded by the governor as critical human resource.
The NDPR, issued by the NITDA, is Nigeria’s primary data protection legislation. It provides the legal framework for data protection compliance requirements and managing breaches including the imposition of penalties for defaulters.
Since 25th January 2019 when it became the effective regulation for data protection compliance, all public and private entities that process the personal data of more than 1000 data subjects in a period of six months and 2000 data subjects in a period of 12 months must submit a Data Protection Audit Report to the NITDA.
Data protection audit filing mandatory by law
By law, the submission is annual and mandatory. Data protection audit filing must be not later than March 15 of every year.
By the provision of the NDPR, “compliance is not a one-off obligation but a continuing activity for data controllers and processors in Nigeria. Failure to file these returns to NITDA is deemed a breach of the NDPR,” says one report by Mondaq AI.
DSPL is already providing similar services to the government of Plateau State in central Nigeria. It has helped to guide the Plateau State Internal Revenue Service (PSIRS) to meet the NDPR compliance requirements.
“In addition to assisting private organisations meet the compliance requirements, DSPL has been able to develop unique tools to help MDAs adopt the NDPR guidelines and embark on their data protection journey with little or no encumbrances. We believe as we begin to interact, we can all diligently go through the learning curve to become more professional in our approaches and be able to drive the goals of our respective organisations” said Balogun to sign off the meeting.
The state’s Director of IT and Head of the MIC, Alhaja Mobolaji Abimbola Oguntade, assured all the stakeholders and the DSPL of the centre’s support as the project commences.