The Nigeria Data Protection Regulation - Compliance Requirements

Monday, October 28, 2019   /4:18 PM  / By Wole Obayomi, KPMG / Header Image Credit: Nigerian News Direct 

The National Information Technology Development Agency (NITDA or "the Agency) on 25 January 2019, issued the Nigeria Data Protection Regulation (NDPR) which provides guidelines on the use of personal data by organizations who collect and/or process such data. The objective of this Regulation is to protect the right of Nigerian citizens and residents with respect to data privacy and foster safe conduct for transactions involving the exchange of personal data.

As part of its mechanism to enforce compliance with the Regulation, NITDA has mandated that all public and private organizations in Nigeria that control data of natural persons shall, make available to the general public their respective Data Protection Policies. This means that irrespective of the quantity of data controlled by any organization, each organization is expected to set up a Data Protection Policy where none is existent.

Also, all Data Controllers and Processors must conduct an independent Data Protection Audit and file the audit report with the Agency within a defined timeline. The Agency has also stipulated a fine of up to 2% of annual gross revenue as penalty for data privacy breach.

Key Information on Data Protection Audit

• Who is qualified to conduct a Data Protection Audit: NITDA has licensed Data Protection Compliance Organizations (DPCO) to perform independent compliance audits. The Agency will only accept reports verified by licensed DPCOs.
• What is the timeline for submission of a Data Protection Audit report: The initial timeline mandated by NITDA was six months from the issue of the NDPR. However, the Agency further extended the deadline by three months.
• What is the scope of the audit: The Data Protection Audit will assess the organization's implementation of the requirements of NDPR and will cover areas such as data protection governance, policies and processes, as well as information systems security and controls over personal data, amongst others.

KPMG is able to support your organization with drafting/reviewing your Data Protection Policies for compliance with the NDPR. Also, KPMG is licensed by NITDA as a DPCO to perform Data Protection Audits, Implementation Support and Capacity Building/Training Programs in order to achieve compliance with the Regulation.

Related News

1. How The General Data Protection Regulation Will Affect Your Business
2. National Data Protection Regulations - Legal Alert
3. Patents: The Fitness and Wellness Industry
4. Information Minister Inaugurates NBC Reforms Committee, Says FG Plans To Regulate Online Media
5. NBCC To Host Stakeholders Breakfast Meeting On Corporate Governance
6. Ownership of Trademarks in Nigeria
7. DealHQ to Host its Inaugural Enterprise Roundtable on October 31, 2019
8. FHC Upholds The Imposition of Consumption Tax in Lagos State
9. One Page Summary of Each IFRS Published
10. Copyright Protection and Enforcement Rules - Legal Alert