By Juliet Umeh

Almost every Nigerian company has a desire to provide global services. However, that comes with a price tag. Most significant of the issues is the data protection and privacy concerns that arise in the context of international operations.

Technology expert, Kehinde Ogundare who is also the Country Head, Zoho Nigeria, has warned that such aspirations are not made without critical considerations on data privacy.

He said that businesses run the danger of breaking regional laws and regulations when they do not pay careful attention to data protection and privacy.

According to him, should hackers exploit vulnerabilities, organizations run the risk of experiencing operational disruption, as well as losing the trust and support of their clients.

However, he has listed some of the critical strategies a business should put into consideration before opening its operations to the global market.

They include: GDPR compliance

Ogundare said: “As an initial step, it is essential to ensure compliance with various global data privacy laws and regulations, both for the business and its suppliers.

“It is imperative to note that these laws and regulations are not limited to markets where the business has established operations, and comprehensive compliance measures must be taken into consideration.

“The European Union’s General Data Protection Regulation, GDPR, for instance, applies to any company that has an EU citizen as a customer, regardless of where they currently live.

“Take a Lagos-based company that only sells goods in its own city, for example, and assume one of their local customers is an EU national, the company has to be compliant with the Nigeria Data Protection Regulation 2019, NDPR, which is a subsidiary legislation issued pursuant to the National Information Technology Development Act, 2007, NITDA Act 2007, as well as the GDPR.

“The consequences for anyone found to be in violation of data and privacy regulations are potentially severe.

“A breach of the privacy rights of any data subject under NITDA Regulation with respect to data controllers dealing with more than 10,000 data subjects carry a fine of two percent of annual gross revenue of the preceding year or payment of N10 million, whichever is greater.

“With respect to data controllers dealing with less than 10,000 data subjects, a fine of one percent of the annual gross revenue of the preceding year or payment of N2 million, whichever is greater, will be levied. GDPR offenses, meanwhile, carry fines of up to €20 million or four percent of the total global turnover for the preceding fiscal year, whichever is higher.

Privacy and security assessments

Companies desiring to play in the global space must include privacy and security assessment in due diligence processes for software vendors.

Explaining further, he noted: “To ensure optimal readiness for data protection, it is crucial to implement sound database management practices, employ robust cybersecurity measures, and provide ongoing education to employees on the importance of data protection and privacy in the workplace. These things need to happen on an ongoing basis with businesses adapting as new threats emerge.

“An area of vulnerability that businesses frequently neglect is the software and productivity tools they utilize. It is essential that businesses select tools from companies that not only adhere to the relevant regulations but also place a high priority on data protection and privacy. Aside from tools and offerings with robust privacy measures, vendors should present a business model that is not dependent on ad revenue and data monetization. These proactive measures considerably reduce the chances of a data breach. With the average cost of a breach now at $4.35 million USD, that’s an investment worth making.

He also said: “Data protection is a must. For businesses, especially those with a global presence, an elevated sense of responsibility is required. Regardless of the size of the organization, it is crucial to recognize that similar challenges to those faced by large corporations, particularly with regards to data security and privacy, must be addressed.

“Consequently, a concerted effort is necessary to provide the highest level of protection for customers. This necessitates partnering with software providers who possess a commitment to data security and privacy.”