Welcome to another edition of Privacy Notes!
I hope you are keeping safe.
In today’s edition of Privacy Notes, we will be talking about the Data Protection Officer (DPO) – not at all related to a District Police Officer. Rest assured you won’t be wearing any uniforms. lol!). A Data Protection Officer is a professional whose job is to advice an organization as well as ensuring its compliance with relevant data protection legislations. The DPO plays an important role in the daily activities of any organization particularly as it relates to communication with clients, vendors, visitors and even employees. The DPO is responsible for ensuring that the organization’s processes – such as policies and internal practices are in line with data protection laws applicable in Nigeria including but not limited to the Nigeria Data Protection Regulation (NDPR). This, he does by going through the organization’s policies and practices, reviewing same either alone or with the aid of an appointed Data Protection Compliance Organization (DPCO) (Taxaide Technologies Limited is a DPCO) and ensuring that the implementation of these policies is in line with the NDPR. It is important to note that even governmental bodies – Ministries, Departments and Agencies are mandated to have a Data Protection Officer as provided in the recent Guidelines for the Management of Personal Data by Public Institutions in Nigeria (the Guidelines) which was released by the National Information Technology Development Agency (NITDA) in May 2020.
The DPO also has the duty of standing in as a representative of the organization with its DPCO, the regulatory authority (NITDA) as well as with the Data Subjects in the event of audits, complains and investigations as well as enquiries on issues relating to its data protection practices. These are just highlights of the DPO’s functions as there are a number of obligations that come with the role. From the above, it is obvious that the DPO must be appropriately trained and possess substantial understanding of data protection as well as the provisions of applicable laws on data protection – including the NDPR. The Guidelines also mandate that governmental bodies must appoint a DPO who must undergo training in data protection. It is based on this that we are inviting you to participate in the next NDPR Academy training courses on Data Protection. The NDPR Academy offers two courses – the Foundation Course as well as the Practitioner Course. The Foundation Course will commence from September 18, 2020 and is designed to give you insight into what Data Protection entails, especially from the NDPR point of view. Do you think you already know the basics of the NDPR? We have got you covered! You can also enroll for the NDPR Academy Certified Master Course (the Practitioner Course) which by its design will give you more detailed insights into Data Protection even beyond the NDPR and from a broader and global perspective, with relevant case studies across the world. Basically, this Course gives you the wherewithal to take up Data Protection at a practice level.
Feel free to visit our website at http://www.ndpracademy.ng for more details. We look forward to having you!
Also, on this week’s edition of Privacy Notes: The Podcast, we will be talking about Transfer of Personal Data as provided under the NDPR. Just some quick information – Do you know that when a company making use of cloud storage sends Personal Data to a server located outside Nigeria, it has transferred that Personal Data out of Nigeria? You can find out the conditions the NDPR provides for transfer of Personal Data overseas when you tune in to our podcast at www.ndpracademy.ng/podcast.
Thank you for reading to this point.
Till next week,
Uwemedimo Atakpo Jnr.