The Association of Licensed Data Protection Compliance Organisations of Nigeria (ALDAPCON) is the association of Data Protection Compliance Organisations (DPCOs) licensed by the Nigeria Data Protection Commission (NDPC). Their roles include monitoring compliance with existing data regulations and ensuring that data controllers, including all public and private corporate entities that manage citizens’ data, do not breach the provisions of the Act. Only DPCOs are licensed by law to execute data protection audits across the country for data controllers. IT Edge News, Nana Theresa Timothy, speaks with Chairman of ALDAPCON, Mr. Ivan Anya, on challenges of ensuring compliance to data protection regulation and what ALDAPCON is doing to raise commitment of stakeholders to a national culture of data protection. Anya, who is also CEO of BI Technologies Ltd speaks on business sustainability of private ICT companies in Nigeria.
What are the most significant challenges that ALDAPCON faces in ensuring compliance with data protection regulations among data controllers in Nigeria, and how is the association addressing these challenges?
Thank you for that question. For everything that is young, everything that is new, there is always a wobble at the beginning, so it’s quite expected that being licensed, we are bound to encounter challenges. The key challenge is that most data controllers do not adhere to compliance due to poor corporate governance practices in the country. Adherence is seen only where there is compulsion and strong regulatory will; only then do organizations comply with basic rules or laws.
RELATED: NSDPA and ALDAPCON sign landmark MoU to boost data protection awareness in Nigeria
Many organizations are yet to see data protection as a necessity. Business is still conducted as usual, and data protection is not viewed as a separate critical component. Ignorance about the law and poor corporate governance practices are major issues. ALDAPCON is addressing these challenges through sectoral collaborations. We are engaging players within key sectors, such as the power sector, medical industrial sector, fintech, human resource management, security firms, hospitality, and tourism. We are focusing on areas where data handling may be compromised, engaging these industry segments about the importance of data protection in their operations.
Many organizations are yet to see data protection as a necessity. Business is still conducted as usual, and data protection is not viewed as a separate critical component. Ignorance about the law and poor corporate governance practices are major issues
How is ALDAPCON working to increase the commitment of stakeholders to a national culture of data protection, and what specific initiatives or programs have been most effective in achieving this goal?
ALDAPCON members were instrumental in developing the Strategic Road Map and Action Plan of the Nigeria Data Protection Commission, a national document outlining medium and long-term plans for data practice implementation. We continue to work with and improve upon this document to involve all stakeholders in the ecosystem. We have signed several MOUs to enhance data protection awareness, notably with the Nigerian Stakeholders for Data Protection Awareness (NSDPA), to promote data protection awareness at the state and community levels. Additionally, we are conducting sectoral engagements to educate people about data protection practices in Nigeria.
In your view, how can the Nigeria Data Protection Commission (NDPC) better support and enhance compliance among data controllers, and what role can ALDAPCON play in this collaborative effort?
Every data controller, particularly corporate entities, is legally required to conduct data protection audits. The Commission has been securing structural approvals, such as getting the Head of Service to mandate public sector organizations to comply with the Nigerian Data Protection Act. The Commission has also engaged several state governors. These efforts are crucial in deepening Data Protection Adequacy in Nigeria. We are working alongside the Commission, providing pro-bono services and competencies to assist them. The leadership of the Commission, headed by Dr. Vincent Olatunji, is doing a commendable job, and we are supporting them in various capacities, including manpower assistance.
As an indigenous ICT business, what role do you believe the government should play in supporting the growth and sustainability of private ICT companies in Nigeria?
The major pain point within the ICT sector is the lack of coherent structures. The National Information Technology Development Agency (NITDA) is making efforts to address this. Many young people entering the industry face an unstructured environment with unclear regulations. This lack of structure affects trust and security in engagements between firms and young professionals. Often, these young professionals receive training from firms only to leave for another firm or country shortly after, causing disruptions. Many organizations have abandoned IT projects midway due to this challenge, which is costly for those venturing into the industry. If NITDA and other regulators create a system where young professionals can be more structurally engaged, they can contribute to project completion and help ensure the industry’s sustainability.