Privacy Note – January 31st

Hey there!

Welcome to another edition of Privacy Notes!

The National Information Technology Development Agency (NITDA) celebrated the National Privacy Week from Thursday, 23rd January 2020 and it culminated with the celebration of the International Privacy Day on Tuesday, 28th January 2020. This was the first time Nigeria would be participating in this event at an organized national level and NITDA organized a workshop on Data Privacy in a Digital Economy. This held at the NAF Base Conference Centre, Abuja. Of course the NDPR Academy was well represented at this event. In line with this celebration, we will be focused on discussing your rights as a Data Subject as provided under the Nigeria Data Protection Regulation (‘The NDPR’ or ‘The Regulation’) 2019. In our previous edition, we discussed the “Right to be Informed”. You can read it here

This week, we will be discussing the “Right to be Forgotten” (sounds funny right? Like, who would want to be forgotten?) What this simply means is that you, the Data Subject can request a Data Controller or Administrator to delete your personal data from any platform. The Data Controller is mandated by the provisions of the Nigeria Data Protection Regulation 2019, particularly Part 3, to delete your personal information on the following grounds:

1.    That your Personal Data previously given is no longer necessary for the purposes for which they were collected or processed by the Data Controller or Administrator;

2.    That you, as a Data Subject, have withdrawn your consent which had been the basis for the collection and processing of your personal data;

3.    That you, as a Data Subject, have and are objecting to the processing of your Personal Data by the Data Controller or Administrator and there are no overriding legitimate grounds which allow the Data Controller to continue processing your Personal Information;

4.    Your Personal Data was unlawfully processed;

5.    Your Personal Data has to be deleted in order to comply with a legal obligation in Nigeria. These legal obligations can be in form of Court orders, orders from a regulatory body in the sector in which the Controller operates etc.

NITDA places much emphasis on the protection of privacy in Nigeria and strives to ensure the safety of Personal Data at all times. It is in line with this that the Regulations give Data Subjects the right to request for their Personal Data to be deleted from any platform and even goes ahead to enumerate the grounds within which you can request for your data to be deleted, as listed above.

The NDPR goes ahead to provide that the Data Controller who has made your personal Data public is obliged to delete the Personal Data and not only that but to further take all reasonable steps to inform any other Controller who is processing your personal Data of your request to delete such data. This goes to show how much emphasis the NDPR and NITDA places on the safety of Personal Data.

So next time, remember that you have the right to be forgotten (lol!) and that you can ask for the deletion of your personal data based on the grounds as highlighted above.

Thank you for reading to this point.

Till next week,

Uwemedimo Atakpo Jnr

One Reply to “Privacy Note – January 31st”

Leave a Reply

Your email address will not be published. Required fields are marked *