Privacy Notes – (6-3-2020
Welcome to another edition of Privacy Notes!
Warning: “Deadline Month” is here!!! Did you know that this month is the deadline for filing your Annual Data Protection Audit Report?
The National Information Technology Development Agency (NITDA), through the Nigeria Data Protection Regulation (NDPR), has declared that companies who process the Personal Data of above 2000 Data Subjects in a period of 12 months are required to file their Annual Data Protection Audit Report with NITDA on or before the 15th of March of every year. The Regulation provides that “On an annual basis, a Data Controller who processes the personal data of more than 2000 Data Subjects in a period of 12 months shall, not later than the 15th of March of the following year, submit a summary of its data protection audit to the Agency…”
In order to ensure compliance with its provisions, the NDPR goes ahead to provide that any breach of its provisions shall be seen to be a breach of the National Technology Development Agency Act. The NITDA Act makes several provisions regarding offences and breaches of its provisions. It provides that where an offence is committed by a corporate body, every Chief Executive Officer or any officer acting in that capacity as well as every person who shows himself as acting in that capacity shall be taken to have committed that offence unless he can prove that the act or omission constituting the offence took place without his knowledge, consent or connivance. It goes further to provide that where a person or body corporate fails to comply with guidelines and standards prescribed by the Agency, such a person or corporate body shall have committed an offence.
The NITDA Act provides that first offenders will be liable on conviction to a fine of N200,000.00 (Two Hundred Thousand Naira) or imprisonment for a term of 1 year or to both such fine and imprisonment. The Act further provides that for a second and subsequent offence, such offender will be liable to a fine of N500,000.00 (Five Hundred Thousand Naira) or to imprisonment for a term of 3 years or to both such fine and imprisonment.
In light of the above provisions, it is pertinent that Data Controllers ensure that they file their Annual Data Protection Audit Report before the deadline in order to comply with the provisions of the NDPR while also avoiding sanctions.
In other news, the second NDPR Academy Foundation Course (NAC2B) held on the 19th of February 2020. The participants were duly educated on the rudiments of the Nigeria Data Protection Regulation including concepts such as the Principles of Data Protection, Rights of Data Subjects, Obligations of Data Controllers among other concepts. The NDPR Academy® also had its first Master Course session on the 5th of March 2020. The session was mainly focused on the core rudiments of cyber-security and measures to be taken to counter cyber-security threats.
Please note that the NDPR Academy holds its Foundation and Master Courses every quarter. Please endeavor to attend the next one as it is an avenue for you to be properly seasoned in the area of Data Protection…Oh! and even be certified as a Data Protection Officer! Isn’t that great? Please see the pictures from the last NDPR Academy Foundation Course training session here https://blog.ndpracademy.ng/highlights-of-the-ndpr-2020-q1-training/.
We hope that you have complied with the filing provisions of the Nigeria Data Protection in view of the deadline. If you have any enquiries regarding the NDPR, please leave a comment in the comment section and we will respond to you. We also look forward to your participation at our next Foundation and Master Courses.
Thank you for reading to this point.
Till next week,
Uwemedimo Atakpo Jnr.