Compliments of the Season! Welcome to another episode of Privacy Notes!
The Nigeria Startup Act was recently passed by President Muhammadu Buhari on the 19th of October, 2022. The Act aims to encourage the establishment of more Nigerian companies who are engaged in technological services, as it provides for a number of incentives which would be available for such tech companies. In light of the passage of the Act, it is expected that more tech companies would spring up in order to benefit from the incentives provided by the Act. Today’s Privacy Notes would be to remind us of compliance requirements as provided under the Nigeria Data Protection Regulation (NDPR), some of which are listed below:
- As a company/organization, you should engage a Data Protection Compliance Organization (DPCO) to assist in your compliance with the NDPR
- Ensure that you conduct a Data Protection Audit and file the Report with the Nigeria Data Protection Bureau on or before the 15th of March every year
- Appoint a Data Protection Officer and ensure consistent training and awareness on Data Protection.
- Ensure that there is a lawful basis for every processing activity to be done on Personal Data information
- Ensure that you have adequate Information Security measures in place, particularly in compliance with international best practice such as the ISO 270001
- Be reminded that sanctions for data protection infractions can get up to 2% of your Annual Gross Revenue.
The above are just some of the compliance requirements provided by the NDPR. These requirements can easily be complied with by the engagement of a DPCO, who is licensed to assess, train, audit and advice organizations and generally assist them in staying compliant with the provisions of the NDPR. Organizations are thus encouraged to engage DPCOs and effectively remain compliant.
Thank you for reading today’s edition.
Till next week.