Business Regulations, Law & Practice | |
Business Regulations, Law & Practice | |
2016 VIEWS | |
![]() |
Monday,
October 28, 2019 /4:18 PM / By Wole Obayomi, KPMG /
Header Image Credit: Nigerian News Direct
The National Information Technology
Development Agency (NITDA or "the Agency) on 25 January 2019, issued the
Nigeria Data Protection Regulation (NDPR) which provides guidelines on the use
of personal data by organizations who collect and/or process such data. The
objective of this Regulation is to protect the right of Nigerian citizens and
residents with respect to data privacy and foster safe conduct for transactions
involving the exchange of personal data.
As part of its mechanism to enforce
compliance with the Regulation, NITDA has mandated that all public and private
organizations in Nigeria that control data of natural persons shall, make
available to the general public their respective Data Protection Policies. This
means that irrespective of the quantity of data controlled by any organization,
each organization is expected to set up a Data Protection Policy where none is
existent.
Also, all Data Controllers and
Processors must conduct an independent Data Protection Audit and file the audit
report with the Agency within a defined timeline. The Agency has also stipulated
a fine of up to 2% of annual gross revenue as penalty for data privacy
breach.
Key Information on Data Protection Audit
KPMG is able to support your organization with drafting/reviewing your Data Protection Policies for compliance with the NDPR. Also, KPMG is licensed by NITDA as a DPCO to perform Data Protection Audits, Implementation Support and Capacity Building/Training Programs in order to achieve compliance with the Regulation.
Related News