The Federal Government’s directive to Ministries, Departments and Agencies (MDAs) to comply with the nation’s data privacy regulations represents a significant advancement for Nigeria’s data protection journey, Mr. Ayo Eso, 3Consulting Limited CEO tells Technology Times.
In a November 7, 2022 service-wide circular with Ref No. SGF/OP/l/S.3/Xll/186 and signed by Mr. Boss Mustapha, Secretary to the Government of the Federation, the Federal Government directed all MDAs to comply with the provisions of the Nigeria Data Protection Regulation (NDPR).
Nigeria’s NDPR which is modelled after the EU’s General Data Protection Regulation (GDPR) provides broad rules for citizens’ data privacy and protections in the country.
Federal government should also ensure that an awareness campaign is implemented via various media channels, since compliance is a concern for all citizens, not just for organisations. The right to data privacy and protection is a generally protected globally-mandated right and the Federal Government has taken a big step toward protecting these rights.”
-Mr Ayo Eso, 3Consulting Limited CEO.
NDPR: What Nigeria’s data privacy rules means for society
“This is a significant advancement in data privacy,” the 3Consulting CEO says, noting that the initiative “will help to defend individuals’ rights and liberties, since the transformative importance of data in today’s society cannot be overstated.”
According to Eso, beyond the MDAs, “it is best practice for companies to compel their service providers” straddling agents, licensees, contactors, among other stakeholders to comply with the NDPR.
Citing provisions of Article 2.7 of the NDPR, Eso says that if done otherwise, “they will remain a weak link in the data privacy and protection system.”
Eso, CEO of 3Consulting, one of Data Protection Compliance Organisations (DPCOs) in Nigeria, with responsibilities for implementing the NDPR’s mandates in the areas of training, auditing, consulting and rendering services aimed at ensuring compliance with the Regulation or any foreign Data Protection law or regulation having effect in Nigeria, says that State government should take a cue from the compliance precedence set by the Federal Government.
According to the 3Consulting CEO, “the state government should likewise follow the footsteps of the federal government and ensure that all MDAs under the state government comply with the provisions of the NDPR.
Federal government should also ensure that an awareness campaign is implemented via various media channels, since compliance is a concern for all citizens, not just for organisations. The right to data privacy and protection is a generally protected globally-mandated right and the Federal Government has taken a big step toward protecting these rights.”
Meanwhile, the SGF who says the directive takes immediate effects and MDAs should immediately carry out the following:
- Designate appropriate officers as their Data Protection Officers (DPOs) who will on regular basis advise management on data processing activities of their organization and ensure compliance with the provisions of the NDPR and all matters relating to protection of the privacy, rights and freedom of data subjects;
- b) Forward the name and contact details of the DPOs to Nigeria Data Protection Bureau (NDPB) for documentation and requisite induction training;
- c) Appoint licensed Data Protection Compliance Organizations (DPCOs) who will guide the MDA through compliance framework and file their annual reports with the NDPB;
- d) Make appropriate budgetary provision for annual Data Protection Audit compliance process and capacity building of Data Protection Officers as well as other staff.
The 3Consulting CEO’s commendation comes amid a recent one by Dr. Vincent Olatunji,National Commissioner and CEO, Nigeria Data Protection Bureau (NDPB) who describes the directive as “historic step.”
Dr Olatunji commends the Federal Government “for taking this historic step towards advancing fundamental rights and freedoms of Nigerian citizens and residents particularly in the area of privacy.”
According to him, “as an agency of government, we are cheered by this development because it clearly demonstrates the preparedness of public sector organisations and functionaries in providing an enabling environment for the growth of our digital economy.”
With the circular, the NDPB CEO says that “over 200 million Nigerian citizens now have additional reference to call in aid in order to protect lives and livelihoods in a data driven ecosystem.”
NDPB “will continue to cooperate with stakeholders so that the numerous benefits of lawful data processing such as job and wealth creation can spread to all nooks and crannies of Nigeria,” Olatunji says.
According to NDPB, Nigeria’s NDPR will help in the following areas:
- To safeguard the rights of Natural Persons to Data Privacy;
- To foster safe conduct of transactions involving the exchange of Personal Data;
- To prevent manipulation of Personal Data; and
- To ensure that Nigerian businesses remain competitive in international trade through the safe-guards afforded by a just and equitable legal regulatory framework on data protection and which (framework) is in tune with best practice.
