Mandatory Data Privacy Compliance for Nigerian Companies - A Data Audit Offer


Monday, March 2, 2020   /  04:37PM  /  By Olubunmi Abayomi-Olukunle  /  Header Image Credit:  CPO Magazine


As you may already be aware, Nigeria has now aligned herself with the global regulatory trend around regulating the collection and processing of the Personal Data of Nigerian citizens. 


On this basis, the National Information Technology Development Agency (NITDA) has recently published the Nigerian Data Privacy Regulations (Data Privacy Regulations). We now have some confirmation that the NITDA seeks to commence the issuance of regulatory actions after March 31, 2020 up to 100 erring companies.  

In summary, the approach taken by NITDA in the Data Privacy Regulations is to place additional compliance obligations on all Nigerian companies/employers in regard to how they collect, use and process the Personal Data of employees and customers/users or prospects. Kindly note that by law, failure to comply with these obligations may culminate in a fine of up to 2% of your company's Annual Gross Revenue. 


Here are a few quick points to note in the compliance walk. 


Proshare Nigeria Pvt. Ltd.


1. Immediately Conduct an Initial Data Audit: 


The Data Privacy Regulations require all employers/organisation to mandatorily conduct an Initial Data Privacy Audit. It is important to note that all employers/organisations, regardless of the number of employees, are caught by this requirement.   Typically, A Data Audit will confirm whether there are any gaps within a company's Data Privacy Policy Compliance Framework. This Framework can differ depending on the kind of business which a company engages in and the sector in which that company operates and would impact all Personal Data captured via CCTVs and standard HR applications. Where the results of the Initial Data Audit reveals that a company has processed the Personal Data of more than 1000 Data Subjects - i.e. Nigeria - in the last 6 months, that company would be required to file a summary of the Initial Data Audit with the NITDA. 


Proshare Nigeria Pvt. Ltd.


2. Annual Data Audits/Submission: 


This requirement only applies to organisations/employers who have processed the Personal Data of over 2000 Data Subjects in the last 12 months. The deadline for filing a summary of this Data Audit is March 15, of every year. Please note that these audits are to be conducted independently by external compliance professionals, technology-focused lawyers or other licensed data privacy professionals. The Annual Data Audit submission to NITDA for this year is due in less than 3-weeks from now.


3. Provide Data Privacy Awareness & Training for all Employees: 


We generally advise that employers/organisations consider this point because an employees are at the centre of all Data Privacy Compliance Frameworks. A failure in an employee's judgement of data privacy issues can present a level of regulatory risk for an employer. At the very minimum, it would be prudent for key designations like Chief Technical Officer, Chief Product Officer, Data Scientists, Database Manager & Engineers and the Board of Directors/Management/Founders to have a clear and working understanding of the requirements of the Data Privacy Regulations. We generally pay additional attention to deconstructing the Legal Standards pertaining to the definition of "Personal Data", "Data Controller", "Data Processor", "Data", "Data Subject", "Filing System", "Consent", "Sensitive Personal Data" etc and how Nigerian courts will interpret these Legal Standards  in a dispute or regulatory action scenario.

Proshare Nigeria Pvt. Ltd. 

4. How About Institutional Private Equity, Venture Capital or Strategic Investors/Accelerators?


Although there is no direct obligation under the Data Privacy Regulations in relation to portfolio companies, equity investments may suffer significantly where a fine is levied on a portfolio company by NITDA for failure to comply with the Data Privacy Regulations. On this basis. it would be prudent for investors to now seek confirmation from all their portfolio companies that such portfolio companies have complied with the mandatory requirements of the Data Privacy Regulations. Also, non-resident investors who collect Personal Data on their websites from founding teams in Nigeria, will need to comply with the relevant provisions of the Data Privacy Regulations. Lastly, investors with a local entity for sourcing deals or fund manager entities registered locally, as the case maybe, would also be caught by the provisions of the Data Privacy Regulations.


5. Obtain Data Processing Consent from all existing and prospective employees to process Employee Data:  


This can be achieved by ensuring that all existing and prospective employees sign a Data Consent Declaration.


6. The Headcount:


Please note that for purposes of determining the qualifying threshold of 1000 or 2000 Data Subjects as per thresholds stipulated by the Data Privacy Regulations, all employees and customers/users are captured including part-time employees, contract staff, full time staff, and one-off or non-paying customers. 


In the Business Update available via this link , we share some additional insights from some of the Data Privacy Audits that we have conducted recently.


Please feel free to let us know if you require our support with regard to conducting a Data Privacy Audit for your Company and making the necessary filings at the NITDA. Please note that the conduct of a Data Audit is a paid service.


We generally provide free Employee Training and Awareness Program  for all our retained clients or as a compliment for a Data Audit engagement. Please feel free to reach out, to confirm and agree a suitable timing for this Program, which we may conduct virtually or in-person, depending on the peculiar circumstances of your company. 


About Author

Olubunmi Abayomi-Olukunle is a partner and Lead Counsel at the Private Equity, Venture Capital & Emerging Companies sector-focused, specialist investment & finance law firm of Balogun Harold - or via e-mail:   


Proshare Nigeria Pvt. Ltd. 


Data Protection

1.          New Data Privacy Compliance Considerations in Cross Border M and A Transactions Facing Africa - Oct 31, 2019

2.         The Nigeria Data Protection Regulation - Compliance Requirements

3.         Report Sets Out Governance of Key OTC Derivatives Data Elements - Oct 09, 2019

4.         The Economics of Data - Sept 23, 2019

5.         How The General Data Protection Regulation Will Affect Your Business

6.         National Data Protection Regulations - Legal Alert


 Proshare Nigeria Pvt. Ltd.


Related News - Business Regulation

  1. New Finance Act with its Tax Amendments - Legal Alert
  2. DCSL 7th Annual Roundtable: Company Secretaries Pledge to Strengthen Corporate Governance In Nigeria
  3. DCSL Corporate Services Limited hosts the 7th edition of its Annual Company Secretaries' Roundtable
  4. REGULATORY CONVERSATIONS 6.0: NIN: Matters Arising and Implications To Nation Building
  5. Business Ethics in the News 2019 - Highest Number of Lapses in Banking and Finance Sector
  6. Visa Policy 2020 Will Position Nigeria As a Leading Investment Destination - NIS
  7. FG Licenses 27 Data Protection Companies
  8. Data Protection for Hotels - Legal Alert
  9. Reforming Stock Exchange Governance
  10. Nigeria Corporate Governance Code 2020: Ethics, Sustainability Crucial for Companies - Tosin Ajose
  11. Breach of Nigeria Data Protection Regulation by the Lagos State Internal Revenue Service
  12. Sanctity of Contracts, Key to Attracting Capital Investments Into Nigeria - Soji Apampa
  13. CBI's National Integrity Barometer Will Change Nigeria's Corruption Perception - Soji Apampa


Proshare Nigeria Pvt. Ltd.


Related News on Data & Financial Inclusion

1.          How Nigerian MFBs Use Digital Strategies To Deepen Financial Inclusion

2.         Digital Technology Will Enhance MFB Operations in Nigeria - Victor Mba

3.         Identifying The 4 Pillars for Achieving Nigeria's Financial Inclusion Target - Patrick Akinwuntan

4.         Accion 2019 Seminar Explores How MFBs Can Deepen Financial Inclusion

5.         How Africa's Fintech Industry Will Shape Financial Inclusion

6.         Accion MFB to Host its 3rd Annual Financial Inclusion Seminar on December 11th, 2019

7.         CBN Bankers Committee Celebrate 2019 World Savings Day Reaching 642 Schools In Nigeria

8.         DSN Launches First AI Book For Primary and Secondary Schools, To Deepen Technology In Nigeria

9.         Financial Inclusion In Africa: PalmPay Raises $40m From TECNO Mobile

10.      NIMC - Court Stops Issuing of National Identity Cards as Chams and CCL seek N114bn Damages

11.       Accion Mfb MD, SANEF CEO Discuss Nigeria's Quest Of Attaining 80% Financial Inclusion By 2020

12.      1st AI Book for Nigerian Elementary Schools to be unveiled at the DSN AI Summit 2019

13.      Financial Inclusion Rate in Nigeria Now 63.2% As At 2018

14.      Roadmap 2020: Nigeria's Financial Exclusion Rate Currently 36.8% - CBN

15.      Financial Services Agents Call On CBN To Address Stamp Duty Charges

16.      Zenith Bank Drives Convenient Banking and Financial Inclusion with Z-Money


Proshare Nigeria Pvt. Ltd.


Related News