Nigeria’s window of opportunity for data protection filing that expires August 31 opens defaulters to severe penalty risks following tougher measures to enforce privacy protection in the country, Taxaide Technologies Limited, a data protection compliance organisation (DPCO) says.
The NigerianDataProtectionCommission(NDPC) has issued a further extension on the Nigerian Data Protection Audit Filing obligations as set out in the Nigerian Data Protection Regulation (NDPR),2019) for operational businesses processing data of Nigerian citizens, Adaobi Olaye, Team Lead, Data Protection & Cybersecurity at Taxaide Technologies Limited says in a statement made available to Technology Times.
“This extension”, Olaye says, “which is slated to expire on the 31st of August 2023, is anticipated to provide Nigerian establishments that are yet to comply with the NDPR through the filing of Data Protection Audit Report, the opportunity to engage the services of a licensed DPCO to assist them in executing the prescribed audit, and in doing so, to avoid fines and penalties as prescribed under the extant Nigerian laws.
Nigeria’s Data Protection law
Under the provisions of the data protection laws, the NDPR requires that all businesses that process the data of Nigerians/and non-citizens residing within Nigeria must submit themselves to an audit of their data management processes and policies, the Taxaide Technologies Data Protection & Cybersecurity at Team Lead says.
According to Olaye, “The NDPR and the Data Protection Act aim to safeguard the natural privacy rights of citizens as enshrined in the Nigerian Constitution. Thus, ensuring the security and integrity of the data of employees, vendors, customers, and any other data subject should be of utmost importance for organisations who process data. Failure to comply with the requirements of the law, will attract stiff penalties and fines.”
Olaye reminds that the law now impose penalty of higher maximum amount for Data Controllers and Processors of major importance which attract higher maximum amount which is pegged at as the greater of N10,000,000 and 2% of the relevant data controller or processor’s annual gross revenue in the preceding financial year.
On the other hand, the penalty of standard maximum amount for Data Controllers and Processors that imposes the greater of N2,000,000 and 2% of the relevant data controller or processor’s annual gross revenue in the preceding financial year.
“In light of the above, we encourage organisations to file their reports on or before the deadline to avoid consequences,” Olaye says.