Since 2010, the Global Law Experts annual awards have been celebrating excellence, innovation and performance across the legal communities from around the world.
posted 3 years ago
Introduction
As data usage in Nigeria is fast becoming an inevitable part of business practices, the regulatory oversight of the National Information Technology Development Agency (NITDA) in protecting personal information now cuts across most sectors of the economy. More than ever before, it is important that all companies assess their practices in view of the Nigeria Data Protection Regulation (NDPR) to avoid penalties which could be as much as 1-2% of the annual revenue of the company.
In assessing the level of compliance by companies with the NDPR, NITDA requires companies to engage a licensed Data Protection Compliance Organisation (DPCO) to conduct a data protection audit and file the report with NITDA. Although the deadline for data protection audits for the audit year of 2020 to 2021 lapsed on June 30, 2021, companies who are yet to carry out the audit are encouraged to engage a DPCO who is empowered to apply and obtain specific extension for each company.
Companies who have been audited and therefore in good standing, are expected to continuously monitor their data protection practices, ensuring they remain compliant. In this article, we have itemised five things companies should do to properly monitor their data protection practices.
Any company or organisation that meets the following criteria is expected to appoint a Data Protection Officer (DPO) within 6 months of commencing operation. The company:
The DPO is to be knowledgeable in data protection; and will be responsible for monitoring compliance with the NDPR, advising the management, employees and third-party privy to personal information, and acting as the primary contact person for NITDA.
A data protection impact assessment (DPIA) is a process carried out by the DPO to assess and minimise the possible risk to a data processing activity. For a company launching a new business process or activity which would involve the use of sensitive information or heavy use of personal information of individuals, the DPO of the company is to carry out a DPIA to identify, evaluate and minimise possible data protection risks. This will help companies address the risks in the processes and ensure continuous compliance with the NDPR.
A company may monitor its compliance level by carrying out a periodic internal audit of its data protection practices to map, identify systems and improve these practices.
Under the NDPR, a company that qualifies as a data controller will be responsible for the actions of its data processors (data administrators) i.e. third parties using personal information to provide services to the business. Consequently, companies are expected to conduct due diligence on the third party to ensure their data processing practices are in line with the NDPR.
All companies that collect or process the personal information of over 1,000 individuals are required to submit to a data protection audit by a DPCO. The DPCO shall review the data protection documentation of the company, assess the systems and practices of the company and assess the knowledge of the staff before providing recommendations.
Conclusion
It is advisable for companies with the personal information of Nigerians (including foreign companies) to ensure such information is processed in compliance with the NDPR to avoid regulatory sanctions. These companies are further advised to implement these five steps to ensure their continued compliance with the NDPR.
Pavestones is a full-service law practice and a licensed DPCO supporting Nigerian and foreign clients. For more articles on data protection or clarity on our article above, contact Pavestones at info@pavestoneslegal.com
posted 1 day ago
posted 2 days ago
posted 2 days ago
posted 2 days ago
posted 4 days ago
posted 5 days ago
posted 5 days ago
posted 5 days ago
posted 6 days ago
posted 6 days ago
No results available
ResetFind the right Legal Expert for your business
Sign up for the latest advisor briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.