Welcome to another edition of Privacy Notes!
We hope you are having a great start in the year? And as we get back to our everyday lives, let’s remember Omicron is out there; so continue staying safe, wash your hands, and observe the safety guidelines to avoid the spread of the virus.
In 2019, the National Information Technology Development Authority (NITDA) issued the Nigeria Data Protection Regulation (NDPR). The objective of the regulation is to establish the following:
- to safeguard the rights of natural persons to data privacy;
- to foster safe conduct for transactions involving the exchange of Personal Data;
- to prevent manipulation of Personal Data; and
- to ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practice.
Furthermore, NITDA’s effort to ensure the security of Personal Data of Nigerians and Nigerian residents has put in place various requirements including the filing of an Annual Data Protection Audit Report by Data Controllers and Administrators (organisations). This report is to ensure that they are accountable and transparent with the processing activities embarked on with Personal Data of Data Subjects. The deadline for filing reports is on or before 15th March. This means that organisations that processes Personal Data of up to 2,000 Data Subjects are expected to file an audit report of 2021 before March 15, 2022. Where an organization fails to file this report, the NDPR provides for sanctions including a fine of up to 2% of the annual Gross income of the organization and other sanctions provided under the NITDA Act.
Now when we hear the word ‘Audit’, we probably think of long hours of tedious and boring analysis that we would rather avoid, but Data Protection Audits are just as important to organization as they are to the Data Subjects. Organisations can use the audit to identify any security breach in their systems and take steps to fix them and be compliant, while the Data Subjects will know why and how their Personal Data is being processed. Now as a Data Controller all you need to do is to employ the services of a Data Protection Compliance Organisation (DPCO), who will review your data collection and processing activities and implement the necessary measures to ensure that your business is in compliance with the provisions of the NDPR and its Implementation Framework.
Taxaide Technologies Limited (Taxtech) is a licensed DPCO that employs state of the art technology iDAP® to automate data protection audit. iDAP® ensures that the audit process is seamless, effortless, and comprehensive. This is infused with a high level of expertise gathered over years of experience in the data protection space. iDAP® is a web-based application for data protection auditing. It requires the user (Data Controller/Administrator) to create a profile and interact with the DPCO through a user-friendly interface. The process is well outlined and easy to use; the user answers various questions and uploads all relevant documents on the platform and the DPCO will carry out the audit and file the finished report with NITDA.
If you have not filed your Data Protection Report as a Data Controller or you have any enquiries as to whether or not you are required to carry out a Data Protection Audit and file a report of same, please contact us through email firstname.lastname@example.org or email@example.com. Furthermore, on any other enquiries about your rights to your Personal Data or on any issue regarding Data Protection, please don’t hesitate to get in touch with us. We are available to respond to your enquiries.
Until we meet again next week, stay safe and as you protect yourself from the Omicron variant, protect your Personal Data.