October 28, 2019 /4:18 PM / By Wole Obayomi, KPMG /
Header Image Credit: Nigerian News Direct
The National Information Technology Development Agency (NITDA or "the Agency) on 25 January 2019, issued the Nigeria Data Protection Regulation (NDPR) which provides guidelines on the use of personal data by organizations who collect and/or process such data. The objective of this Regulation is to protect the right of Nigerian citizens and residents with respect to data privacy and foster safe conduct for transactions involving the exchange of personal data.
As part of its mechanism to enforce compliance with the Regulation, NITDA has mandated that all public and private organizations in Nigeria that control data of natural persons shall, make available to the general public their respective Data Protection Policies. This means that irrespective of the quantity of data controlled by any organization, each organization is expected to set up a Data Protection Policy where none is existent.
Also, all Data Controllers and Processors must conduct an independent Data Protection Audit and file the audit report with the Agency within a defined timeline. The Agency has also stipulated a fine of up to 2% of annual gross revenue as penalty for data privacy breach.
Key Information on Data Protection Audit
KPMG is able to support your organization with drafting/reviewing your Data Protection Policies for compliance with the NDPR. Also, KPMG is licensed by NITDA as a DPCO to perform Data Protection Audits, Implementation Support and Capacity Building/Training Programs in order to achieve compliance with the Regulation.