By Emmanuel Elebeke
The National Information Technology Development Agency, NITDA, has warned all data controllers and processors in the country that the 15th March 2021 deadline for the filing of their annual data audit report still stands.
The Director-General of the agency, Mallam Kashifu Inuwa Abdullahi sounded the warning on Monday at a virtual press conference where he reeled out the update on the Data Protection Regulation implementation and their 2021 projections.
Inuwa insisted that non-filing of the audit report by all concerned organizations is a punishable offence, adding that NITDA is set to fully enforce this provision starting from this year.
As part of efforts to carry all stakeholder along, he noted that the agency embarked on sustained public awareness since January 2020, as it was not oblivious of the information deficit of most Nigerians as regards the issue of data protection.
ALSO READ: The Sunday Igboho I knew— Ojudu
‘‘I want to use this opportunity to remind all data controllers and processors that the deadline for the filing of their annual data audit report is 15th March 2021.
‘‘Non-filing is a punishable offence and we are set to fully enforce this provision this year.
Ladies and gentlemen, permit me at this point to run through the events we have lined up for this Special Privacy Week.’’
‘‘We realized that wielding the big stick without adequate awareness would lead to apathy and, or rebellion. Thus, our first task was to embark on a series of public awareness campaigns. We achieved massive media awareness between May and October 2019.
‘‘Also, we have treated 1,200 questions, request for clarification and other inquiries from the public on the issue of data protection,’’ Inuwa added.
In terms of implementation, the NITDA boss said a unique implementation structure for the NDPR was also created. Unlike the GDPR and other laws, he explained that the NDPR creates a set of licensees who have proven expertise in data protection implementation.
‘‘These DPCOs are licensed to provide data protection compliance, audit, training and related services to all Data Controllers and Processors. So far, we have licensed seventy DPCOs and have received many more applications which are currently being treated.
‘‘This strategy has recorded compliance from many organizations than could be imagined. For instance, our audit reports for the period 2019-2020 shows the percentage of compliance among the number of filing entities.
‘‘However, with the direction, we are moving on NDPR audit compliance filing, we are very glad that we have set out in the right way. Our strategy of licensing DPCOs is yielding bounteous fruits as Nigeria now has more data protection experts per capita than any other African country.’’
‘‘Our survey also reveals that wealth is being generated through the DPCO scheme. Interestingly, this aligns with President’s Muhammadu Buhari’s vision to diversify the economy, create sustainable jobs and develop the digital economy,’’ he added.
Aside from the compliance focus, he disclosed that NITDA also inaugurated the Data Breach Investigation Team (DBIT), a team made up of IT Professionals, Lawyers and the Police Force.
‘‘Their assignment is to investigate allegations of breach and make recommendations of actions to be taken on each case, through the Implementation Committee.
‘‘The Police team is also empowered to invite, arrest, interrogate and prosecute erring offenders.’’
While calling on the National Assembly to fast-track the passage of the Data Protection Bill into law, Mallam Inuwa assured that NITDA would strategize to create a workable, credible implementation process that would assist the National Assembly in its quest to pass a Data Protection Bill.
‘‘We are proud to say the NDPR implementation has the most robust consultative process in our recent history as a nation. This autochthonous approach has deepened the NDPR more than we could have imagined.
‘‘While we await the passage of the Data Protection Bill, NITDA will continue to lay necessary structures to deepen data protection implementation in Nigeria,’’ he said.
Still on enforcement, he said ”we are considering all options to ensure we do not kill businesses, while also ensuring businesses do not kill Nigerians through wanton abuse of their data.”
Recall that NITDA had issued a draft Data Protection Guideline since 2013, with the objective of providing a basic law to guide the use of data in the digital space.
However, when the EU GDPR was issued in 2016, the then Director-General of NITDA, Dr Isa Ali Ibrahim Pantami, constituted a team to review the draft guideline in the light of global developments and also to provide Nigerians with a practicable law for its implementation.
The NDPR is designed to meet the global, especially GDPR principles on data protection, and also provides unique and innovative implementation frameworks that has made it a point of reference in Africa and beyond.
Following the issuance of the Regulation, NITDA has taken a number of steps in line with its implementation strategy.
Some of the steps include Sustained Public Awareness; Implementation Structure; Legal and Political Structure for Sustainability.
He listed some of the NITDA’s visions for the year 2021 as follows: development of sectorial implementation toolkits; standardization of NDPR courses and training; development of a multi-billion naira sector that would create thousands of jobs and rejigging of enforcement mechanism to improve compliance.