The Independent National Electoral Commission (INEC) has sought clarifications and sensitisation on data protection from the Nigeria Data Protection Commission (NDPC).
This request was made during an interactive meeting between INEC and NDPC at the INEC headquarters. The meeting aimed to ensure the proper protection of personal data of Nigerian citizens in INEC’s database and to safeguard citizens’ and voters’ personal data, ensuring credible elections.
The national commissioner of NDPC, Dr. Vincent Olatunji commended the chairman of INEC, Prof. Mahmood Yakubu for his willingness to implement measures to protect the personal data of Nigerian citizens and to comply with the Nigeria Data Protection Act. “All of us are data subjects; INEC is a data controller. We must process data within the laws provided in the Nigeria Data Protection Act. Any data leakage here can lead to a lot of issues, with INEC being a data controller of major importance in Nigeria.”
The chairman of INEC appreciated Olatunji, emphasising the importance of data protection. He noted that INEC stores the largest citizen database in Africa, with 93 million records from the last election. “We have the most sensitive records of citizens, from their fingerprints and facial biometrics, across the executive, legislative and judicial branches, male and female, young and old. It is better to start sensitisation now before it’s too late.” He stressed the necessity for INEC to gain clarity on data protection to ensure compliance and informed practices.
Olatunji emphasised the importance of data protection and the consequences of inadequate measures, especially for INEC as data controllers of major importance. He highlighted the potential consequences of non-compliance, including reputational damage, financial loss and even death in extreme cases. He also spoke about the penalties for non-compliance: “It ranges between 1N10 million and 2 per cent of your gross earnings. The CEO can even go to jail, which is why it is better for everybody to obey the law.”
He outlined what INEC is required to do in the area of compliance, including having a privacy policy, appointing a data protection officer (DPO) at the headquarters and state levels, engaging a data protection compliance organisation (DPCO), among other measures. He added that the NDPC will conduct free training for INEC staff members and appointed DPOs, as anyone can be the weakest link in data breaches.
A statement by the commission’s head of the media unit, Itunu Dosekun said other areas discussed included awareness, the level of a prospective DPO, policies, cyber-attacks, among others. An implementation committee consisting of staff from both NDPC and INEC was immediately set up to implement data protection and privacy measures to guarantee trust and confidence in INEC’s data processing activities.
