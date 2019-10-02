By Prince Osuagwu

…Taxtech, AO2 Law advocate total compliance

On May 25, 2018, the General Data Protection Regulation, GDPR, was enforced as the strictest and most encompassing data protection law ever to be passed. Its scope reaches far beyond the borders of the EU, in so far as it applies to all organisations and all websites globally, that process data of EU citizens.

That means that Nigerian companies that receive communications from either European companies or citizens, are not excluded from the regulation.

Furthermore, the GDPR has set a high standard for data protection that is being followed as an example for other data protection authorities in the world, as they update their legislations to correspond to the demands of a digital and data-driven society.

GDPR is very much to be reckoned with, and has been adopted by national authorities, privacy activists and offended parties alike as a potent instrument to improve transparency and ensure the enforcement and respect of privacy rights.

Six months later, various national data protection authorities and supervisory authorities as well as privacy activists and offended parties have taken actions.

Incidentally, cases are only made public if one of the parties for some reasons chooses to do so or if convicted companies wish to gather momentum to dispute the conviction.

Meanwhile, an estimated 30 to 60 cases are being investigated by the data protection authorities of the different EU member-states.

These developments should give every reasonable country some concerns. Data permeates corporations as much as it does personal lives. Companies today build their digital transformation on data. Their control, access and use of data enable them to gain insights on new markets and achieve greater efficiencies.

Apparently, these facts have spurred the action of the Nigerian government which has now responded with a Nigerian Data Protection Regulation, through the National Information Technology Development Agency, NITDA.

NITDA said the regime came into effect, recognising that many public and private bodies have migrated respective businesses and other information systems online. It said that since Information solutions in both the private and public sectors now drive service delivery in the country through digital systems, they have thus become critical information infrastructure which must be safeguarded, regulated and protected against atrocious breaches.

NITDA specifically said: “Cognisant of emerging data protection regulations within the international community geared towards security of lives and property and fostering the integrity of commerce and industry in the volatile data economy, and conscious of the concerns and contributions of stakeholders on the issue of privacy and protection of personal data and upon evaluation of the grave challenges of leaving personal data processing unregulated; the agency hereby issues the Nigeria Data Protection Regulation”

As a way of creating awareness of the new regime, NITDA, in collaboration with Data Protection Compliance Organisation, DPCO, Taxaide Technologies Ltd., Taxtech, and Anaje Olumide Oke Akinkugbe, AO2 Law, held a roundtable conference to look at all the issues surrounding the new regulation.

Deliberations centred on what the NDPR portends for Organisations, compliance and cost implications.

Panel discussions were focused on key regulations such as the application of data, data processing principles, consent, privacy policy, data security, third-party contracts, data subject rights, data transfer, transparency, penalties and more.

After deliberations, institutions in Nigeria, both public and private were urged to comply with the regime of the newly revised Nigeria Data Protection Regulation 2019, NDPR.

NDPR Desk Officer at NITDA, Mr. Olufemi Daniel, said there was no better time for stakeholders to get a deeper understanding of the Data Protection Regulation and best practices than now.

He hinted that the NDPR Regulation as it stands was not as strict as the GDPR adopted in Europe, specifically to make more appreciable and more understandable as a relatively new regulation in Nigeria.

Daniel added that the NITDA’s primary concern is the compliance to the regulations.

On the overlapping functions of different data regulatory bodies in the country such as the Nigerian Communications Commission, NCC, and others Daniel said that NITDA was working with other regulators to develop a synergy.

Managing Partner, AO2 Law, Mr. Chinedu Anaje, advised data related businesses not to panic about the huge fines involved in data breaches because no arbitrary measures would be taken in fines imposition. He, however, said there’s also need for organisations to seek redress if they are wrongfully fined by the regulators.

He said: “The NITDA gives organisations an opportunity to redress in a court of law; there are numerous cases of that nature in Europe and North America. We expect there will be an increase in data breach cases in the future.

