In a bid to safeguard data privacy and protect the rights of individuals, the Nigeria Data Protection Commission (NDPC) has called on banks, telecom operators, educational institutions, government parastatals and other organisations involved in data collection and processing in Nigeria to register with the commission by December 2023.
The National Commissioner of the NDPC, Dr. Vincent Olatunji emphasised the importance of compliance with data protection laws during a sensitisation workshop on data privacy and protection held in Lagos.
According to the Act, data controllers and processors are mandated to register within six months of the enactment of the law. Additionally, registered organisations will be required to submit their annual audit reports to the Commission between January and March each year.
Olatunji emphasised that this initiative aims to ensure that all data processors and controllers uphold the rights of Nigerians regarding their data. The commission is actively working to raise awareness among citizens about their data rights. By requiring registration and annual audits, the NDPC seeks to preserve these rights for everyone in Nigeria.
The timeline for registration applies to over 500,000 data controllers and processors in various sectors, including banks, telecom operators, insurance companies, and schools. Olatunji urged these organisations to promptly register with the commission and file their data compliance audit returns between January 1 and March 31 each year.
The Nigerian Data Protection Commission is responsible for creating awareness, safeguarding individuals’ rights to control and protect their personal information, conducting investigations, and imposing penalties for violations. Olatunji believes that the establishment of the Commission and the data protection law will enhance foreign direct investment into Nigeria, instilling confidence in investors about the existence of robust legal frameworks to protect their interests and businesses.
He stressed that this legal framework is vital for businesses seeking to operate in Nigeria, as many countries refuse to do business with entities lacking data protection laws and independent data protection authorities.
Regarding data subjects’ rights, Olatunji highlighted that every Nigerian is a data subject and they have the right to give or withhold consent when their data is collected. Other rights include rectification, portability, erasure and refusal of processing.
For data controllers and processors, the NDPC boss emphasised their duty of care and accountability in safeguarding the data in their possession. Implementing strong technological and organisational measures is essential to ensure data security.
The data protection law aims to create trust and confidence in the Nigerian economy, making the country an attractive destination for foreign direct investments. By protecting personal data, individuals’ identities will be secured, preventing identity theft and enhancing digital security.
On June 12, President Bola Tinubu signed the Data Protection Bill into law, transforming the National Data Protection Bureau into the Nigeria Data Protection Commission, responsible for overseeing the implementation of the data protection law.
