Follow Us on Google
From Adanna Nnamani, Abuja
The Nigeria Data Protection Commission (NDPC), has urged all banks, telecom operators, educational institutions, government parastatals and other organisations that collect and process data in Nigeria to immediately commence registration with the Commission before the year ends, for data protection compliance monitoring.
NDPC gave the directive in a statement issued by its spokesperson, Mr. Itunu Dosekun on Monday. The statement quoted the NDPC National Commissioner, Dr. Vincent Olatunji saying that this is in line with the provisions of the Act which mandates all data controllers and data processors to get registered within six months of the enactment of the law. He said that all the registered organisations will also be required to file their annual audit report with the commission between January and March every year.
While noting that the Commission is also increasing awareness to let Nigerians know their rights when it comes to their data, Olatunji said the registration of all organisations handling data is to ensure that the rights are preserved by all data processors and controllers in Nigeria.
“What we have in the law is that all data controllers and processors in Nigeria should register with the data protection authority. What the law says is that we should give them six months to acquaint themselves with the provisions of the law,” he explained.
The NC noted that data controllers and processors were over 500,000 in Nigeria.
He added that, “From now till December 31st, they have to register with the commission while they are expected to file their data compliance audit return between January 1 and March 31 every year,” he said.
He further explained that the Commission is saddled with the responsibility of creating awareness, guarding the rights of individuals to control and protect their personal information in the interconnected world, conduct investigations and meet out penalties for violators.
Olatuji affirmed that besides increasing foreign direct investment into Nigeria, the DPA would boost the confidence of investors knowing full well that there are workable legal frame works on ground to protect them and their businesses.
“Because a lot of country now, when you don’t have your data protection law and the Data Protection Supervisor Authority, they don’t want to do business with you, with this law you will be able to cross that stage that the average investors coming to Nigerian will know that we have a law, and an independent DPA (Data Protection Authority).
While highlighting the rights of data subjects, Olatunji said every Nigerian is a data subject as they all have data with either the government or private organizations.
“Data subjects have the right to give their consent or not when their data is being collected; the right of rectification where data is not correct, other rights he noted are portability, erasure, refusal of processing, etc.
On the part of data controllers and data processors, “they owe us the duty of care and accountability to ensure that the data with them is well protected. What kind of measures are they putting in place in terms of technological measures and organization measures to ensure that the data with them is secure” He explained.
The NDPC boss stated that one of the aims of the data protection law was to create confidence and trust in the economy and to attract foreign direct investments in Nigeria.
