Statutory public and private ororganisations may now file their Data Protection Audit Report before June ending as the National Information Technology Development Agency (NITDA) has postponed the filing deadline from March 15, 2021.
The Nigeria Data Protection Regulation (NDPR) applies to all storage and processing of personal data conducted in respect of Nigerian citizens and residents.
The extension is to allow organisations more time to submit the 2020/2021 regulatory audit as required by Article 4.1.6 of the NDPR, and must be conducted by a Data Protection Compliance Organization (DPCO) as licensed by NITDA.
The NDPR mandates all organizations that process the personal data of more than 1000 data subjects in a period of six months and 2000 data subjects in a period of 12 months to submit a Data Protection Audit Report to NITDA not later than 15th March every year.
Last year, due to the COVID-19 lockdown, the IT regulator had extended the deadline for filing the mandatory Data Protection Audit Report by data controllers to 15th May, 2020. As the hangover of the pandemic still persists, the agency deems it reasonable to also extend the deadline this year, a senior official of NITDA told IT Edge News.
NDPR is Nigeria’s principal data protection legislation
Nigeria’s principal data protection legislation is the NDPR issued by the NITDA on 25 January 2019 pursuant to Section 32 of the NITDA Act 2007 as subsidiary legislation to the NITDA Act 2007.
The NDPR defines a data controller as ‘a person who either alone, jointly with other persons or in common with other persons or a statutory body determines the purposes for and the manner in which personal data is processed or is to be processed. Data Protection Compliance Organisations (DPCOs) are data protection professionals or organisations licensed under the NDPR to assist data controllers in their data compliance journey.