Business Regulations, Law & Practice | |
Business Regulations, Law & Practice | |
739 VIEWS | |
![]() |
Friday, January 29, 2021 / 06:23 PM / By KPMG Nigeria / Header Image
Credit: Andersen Tax
On
25 January 2019, the National Information Technology Development Agency (NITDA
or "the Agency") issued the Nigeria Data Protection Regulation (NDPR or "the
Regulation") which provides guidelines for the use of personal data collected
and/or processed by organizations. Specifically, the NDPR requires all
public and private organizations in Nigeria that control data of natural
persons to publicise their respective Data Protection Policies. In
addition, all Data Controllers and Processors who collect and process more than
2,000 data subjects within a 12-month period must conduct an independent Data
Protection Audit (DPA) and file their DPA reports with the Agency, not later
than 15 March of the following year.
Based
on the above, companies who collected and/or processed data from January to
December 2020 have until 15 March 2021 to submit their DPA reports to the
NITDA. Failure to file the DPA report within the statutory timeline may
attract a fine of up to 2% of a company's annual gross revenue for the
preceding year.
Only
licensed Data Protection Compliance Organizations ("DPCO") can perform the
independent DPA, in line with the provisions of the Regulation. The DPA
will, amongst other things, assess an organisation's compliance with the
requirements of the NDPR across various areas, including data protection
governance, policies and processes, information systems security and controls
over personal data.
The
following compliance steps are recommended for Data Controllers who have:
1. filed their initial Data Protection Audit Report
2. not filed their initial Data Protection Audit Report
KPMG is licensed by NITDA as a DPCO, and can assist your organization to achieve compliance with the NDPR through the following services:
Credits
* This statement was
first published in the Issue 1.8/ January 2021 Newsletter of KPMG of Friday,
January 29, 2021. For further enquiries,
please contact the authors, Abimbola Omolola and John Anyanwu via aomolola@kpmg.com and/or janyanwu@kpmg.com
Related News
1.
Proshare
Nigeria, 633 Others Listed Among Data Protection Compliant Organizations in
Nigeria
2. SEC,
NITDA Collaborate on Data Protection
3. FG
Licenses 27 Data Protection Companies
4. Data
Protection for Hotels - Legal Alert
5. Breach
of Nigeria Data Protection Regulation by the Lagos State Internal Revenue
Service
6.
The Nigeria Data
Protection Regulation - Compliance Requirements
7. National
Data Protection Regulations - Legal Alert
8. European
General Data Protection Regulations - Highlights
9. How
The General Data Protection Regulation Will Affect Your Business