
…Defaulters to pay 2% annual revenue
…To license more DPCOs
By Emmanuel Elebeke
With the recent ascent of the Nigeria Data Protection Act 2023. into law by President Bola Tinubu, the National Commissioner of National Data Protection Bureau, Dr. Vincent Olatunji says data protection is now a statutory requirement for every organization in Nigeria.
With the law now in place, he said every organizations must cooperate with government and also ‘walk the talk’ in ensuring protection of privacy of all data, private or corporate in the interest of the nation.
The NDPB CEO made the clarification known in Abuja on Monday while addressing the press on the implementation of the new legislation.
He explained that by the new law, banks, telecommunications companies, and other organisations hosting data may be fined as high as two per cent of their annual revenue for data breaches.
According to him, “the move is to make data protection in Nigeria a statutory requirement for every organization, big or small, which is now expected to cooperate with government through compliance to to the law.
He said, “This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape.”
“This journey towards nationwide compliance will be guided by several key initiatives and future developments.
“Within the last two quarters of this year, we are vigorously pursuing the following targets: Public Awareness Campaigns: We understand that awareness is the first step towards compliance.
“Therefore, we will be expanding our active public awareness campaigns to educate and empower organizations and individuals as regards their roles, rights, and responsibilities under the Act. Development of Implementation Framework: Standardization is vital.
“Hence, we will be developing a standardized framework for implementation, ensuring consistency and clarity across all sectors. This will involve guidance notices on key provisions of the law particularly those that relate to lawful basis of data processing, data subjects rights, compliance audit returns and cross-border data transfer.”
On capacity-building for Data Protection Officers (DPOs), he said the bureau considers DPOs as the frontline soldiers in this endeavour and therefore will improve capacity-building opportunities for DPOs enrolled under the National Data Protection Adequacy Programme (NaDAP), thereby enhancing their ability to lead their organizations towards compliance.
Issuance of DPCO Practice:
In this regard, he stated that guidelines and sectorial guidance notices would be established, just as effort would be intensified to strengthen their regulatory frameworks for DPCOs and issue sector-specific guidelines particularly for financial and telecom sectors.
The objective, for him is to provide agile frameworks that address peculiar vulnerabilities, risks and opportunities on the one hand, and on the other hand provide clear path for compliance.
To meet the increasing demand for compliances services, the NDPB Commissioner said that more DPCOs will be licensed to provide services and make the ecosystem competitive.
Upscale of Registration Process
To ensure ease of processes, he said plans were underway to upscale the registration process for data controllers and data processors, simplifying compliance pathways and encouraging participation.
For compliance Audit Filing Calendar, he m affirmed that the bureau would be introducing a definite calendar for filing annual Compliance Audit Returns.
“Our target is January to December. Organizations will have opportunity to file within the first quarter of each. The current dispensation of compliance under NDPR will be completed and only those who are compliant will be eligible for inclusion on the NaDPAP Whitelist.
“This will also enable organizations to be up-to-date with their compliance obligations. These initiatives underscore our commitment to ensuring that all Nigerian organisations become NDPA compliant,”
“This is not just about following a new set of rules, but about embracing a new era of data protection where respect for personal data becomes an integral part of our national ethos,” Olatunji said.
You will recall that President Bola Ahmed Tinubu, has set an achievable target of creating 1 million jobs through the Digital Economy sector.
And to walk the talk, he signed the data protection law last week that will inspire trust for jobs to be created.
According to the bureau, measures are being put in place to create 500, 000 jobs data protection ecosystem.
“This is 50% of the job creation target for the sector. At the core of the NDPR is the essence of respect – respect for the personal data of our citizens, respect for privacy, and respect for digital rights.
“This respect is now solidly etched in the NDPA. The change in legislation is not merely an addendum to our law books; it is a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation,” he added.
Disclaimer
Comments expressed here do not reflect the opinions of Vanguard newspapers or any employee thereof.