About 40% of Oyo State over 115,000 civil servants will from this month benefit from series of data protection, privacy trainings as Data Protection Services Limited (DSPL) guide the south western state through strategic implementation of the Nigeria Data Protection Regulation 2019 (“NDPR”).
Issued by the country’s IT clearinghouse, National Information Technology Development Agency (NITDA), the NDPR is Nigeria’s primary data protection legislation. It provides the legal framework for data protection compliance requirements and managing breaches including the imposition of penalties for defaulters. Since 25th January 2019 when it became the effective regulation for data protection compliance, all public and private entities that process the personal data of more than 1000 data subjects in a period of six months and 2000 data subjects in a period of 12 months must submit a Data Protection Audit Report to the NITDA. By law, the submission is annual and mandatory. Data protection audit filing must be not later than March 15 of every year.
By the provision of the NDPR, “compliance is not a one-off obligation but a continuing activity for data controllers and processors in Nigeria. Failure to file these returns to NITDA is deemed a breach of the NDPR,” says one report by Mondaq AI.
DSPL is one of the data protection compliance organizations (DPCOs) licensed by the NITDA and has built extensive experience in provisioning remote and on-site trainings on data protection compliance.
About eight major ministries, departments and agencies (MDAs) including Ministry of Justice, Board of Internal Revenue, Ministry of Health, Civil Service Commission, and Bureau of Public Procurement among others are expected to lead the state’s NDPR journey,
Part of the services DSPL will be delivering in Oyo include awareness creation for employees of the state on data privacy policies for MDAs; collection of data, disposal of data; and audit of the state’s MDAs to assess their level of data protection maturity.
DSPL is already providing similar services to the government of Plateau State in central Nigeria. It has helped to guide the Plateau State Internal Revenue Service (PSIRS) to meet the NDPR compliance requirements.
“The NDPR recognises that governments at all levels are the biggest processors of personal data of Nigerians and in Nigeria. AT DSPL, in addition to assisting private organisations meet the compliance requirements, we have been able to evolve implementable approaches helping MDAs to adopt the NDPR guideline applicable to all public institutions in Nigeria including publicly funded ventures, and incorporated entities with government shareholding, either at the federal, state or local levels, while processing the personal data of a Nigeria citizens and residents,” said CEO of DSPL, Tunde Balogun.
He added: “Our unique NDPR implementation life cycle consists of three phases – Prepare, Operate and Maintain – with each incorporating a number of supporting activities. The objective defined for each phase is attained once all of the activities for that phase have been successfully executed. The ultimate goal of our methodology is sustaining and evidencing compliance with the NDPR.”
The NITDA introduced the NDPR to safeguard the right of natural persons to data privacy, foster safe conduct of transactions involving exchange of personal data. All public and private entities handling data must comply with the NDPR and only DPCOs are licensed to ensure compliance.
“As a professional company, DSPL guides clients through a mix of complex awareness tools and trainings to ensure they meet the requirements of the law as specified annually.
“We are an organisation founded to meet the unique needs of each of our clients and provide a workable framework allowing them to meet their compliance obligations under the law,” said Balogun while assuring the state government of the DSPL’s commitment to ensure it meets the NDPR guidelines in real-time.
Data drives digital economy
Data drives the digital economy and as Nigeria repositions to become more digitised, data merits and risks will be higher requiring increased government oversight role and regulation, said Balogun.
His words: “Data compliance is a critical issue as we become more technology driven and adhere to the tenets of a digital economy.”
DSPL’s services include NDPR Gap Analysis, allowing companies to effectively be data processors or controllers in relation to information about customers, employees and suppliers as ruled under the NDPR; Security Level to identify databases and their required security level; Website Compliance including website scanning for compliance gaps with NDPR cookies and consent requirements; Corporate Governance Procedures that covers updating and writing of corporate governance documents, procedures, guidelines and information security procedures; and Mapping for mapping organizational computer systems and databases as well as Mapping of data processing activities.