Happy Easter celebration to all those who celebrate this season.
Data Controllers have often relied on data to better understand the preferences of the customer base (Data Subject). While the traditional methods were engaged in the retrieval of data, the mobile devices connected to the internet introduced an influx of data on a real time called big data. Based on this advancement, Data Controllers with the technical capacity are able to identify customer needs accurately and identify sway in trends. Although this strategy seems beneficial to the Data Controllers, the naïve nature of the Data Subject to the collection and usage of personal online information for marketing remains a crucial poser.
The Nigerian Data Protection Regulation (NDPR) 2019 makes provision for guidelines on the marketing and use of personal data. By virtue of section 2.3 of NDPR 2019, A Data Controller is under an obligation to ensure that consent of a Data Subject has been obtained without fraud, coercion or undue influence. Also, no data shall be obtained except the specific purpose of collection is made known to the Data Subject and there should be a description of the collectable personal data.
Aside the obligation imposed on the Data Controller, the NDPR 2019 enables the Data Subject to restrict the personal data to be shared, request that is personal data to be deleted etc.
It is expedient to note that, the NDPR 2019 makes it mandatory for Data Controller to be in compliance with the privacy rights of any Data subjects and where the Data Controller is in breach of same, section 2.10 provides for the penalty for default.
In conclusion, flowing from the above cited provisions, Data Controllers are expected to be in compliance with the NDPR 2019 before the marketing and use of personal data.