Information and Communication experts have said the world’s most valuable asset is now data. Data has been described as individual units of information, which may be measured; collected and reported; stored and analysed. In computing, data is information that has been translated into a form that is efficient for movement or processing.
Though internet subscribers and social media users are required to provide personal data and sensitive information to facilitate access and use of these platforms, this is sometimes compromised. Almost all transactions conducted online require the release of some form of personal data. This introduces the risk of having personal sensitive information being potentially shared with or sold to high level security agents or blue-chip companies to enable surveillance and data gathering.
In Nigeria, some banks and other financial institutions have been found guilty of breaching their customers’ data. That’s why federal government is now taking data protection issue seriously.
Data protection is the process of safeguarding important information from corruption, compromise or loss. Protecting data from compromise and ensuring data privacy are other key components of data protection; however, where there are no laws to enforce in the event of breach, the value of those rights is lost. In order to uphold the sanctity of these rights, sovereign nations of the world put in place regulations and other mechanisms to guarantee them. Nigeria is not left out in this global community of data privacy and protection regulation.
Reforms: Can Nigerians trust the markets?
NIGERIA DAILY: Are The Pedigrees Of The New Service Chiefs Enough To Judge Their Competence?
Now, a new law recently signed by President Bola Ahmed Tinubu provides for the establishment of a new data protection body as well as a regulatory framework for data protection in the country.
What you should know about the law
The key provision of the new law is the establishment of the Nigeria Data Protection Commission, which replaces the Nigeria Data Protection Bureau (NDPB) established by immediate past President Muhammadu Buhari in February 2022. The new body will be headed by a National Commissioner appointed by the President for a term of four years which is renewable once.
According to Section 6 of the Act, the powers of the Commission include issuing regulations, rules, directives, and guidance under the Act; engaging consultants for assistance in the discharge of its functions; imposing penalties; prescribing fees payable by data controllers and data processors in accordance with data processing activities, and prescribe the manner and frequency of filing, and content, of compliance returns by data controllers and data processors of major importance to the Commission.
The Act also provides for creating a Governing Council to be chaired by a retired judge of a superior court of record. The members of the Council—who the President will appoint—will be part-time members other than the National Commissioner.
Framework for processing data
Section 24 of the Act outlines the principles of the processing of personal data, stating that the data controller or data processor must ensure that data is collected legitimately and “processed in a manner that ensures appropriate security”. While Section 25 provides the lawful basis for personal data processing anchored on the consent of the subject data for the specific purpose or purposes for which the data will be processed. Similarly, section 34-37 establishes the rights of a data subject—a person whose information is being collected.
The law also prohibits the cross-border transfer of personal data, except if there is legal backing for it. It equally states that all data controllers and processors of significant importance must be registered with the Commission within six months after the commencement of the Act.
Banks, telcoms, oil firms to lose 2% revenue for data breach – FG
Commercial banks, telecommunications companies, and other organisations will now lose two percent of their annual revenue to the Federal Government for any breach of their customers’ data, the Nigeria Data Protection Commission (NDPC), has said.
NDPC’s National Commissioner/CEO, Dr Vincent Olatunji who stated this on Monday in Abuja during a news conference on the implementation of the recently signed Nigeria Data Protection Act 2023, said, depending on the impact on the victim and other factors, the sanctions could be more or less severe.
Olatunji said the Act would ensure a sustainable digital economy and that the commission was putting plans in place to create 500,000 jobs in order to close the capacity gap in the subsector and help the President achieve his goal of creating one million jobs.
NDPC boss also explained that the Commission, aims to increase public awareness campaigns, develop a standardized framework for implementation to ensure consistency and clarity across all sectors and improve capacity-building for Data Protection Officers (DPOs) within the next two quarters of the year.
He also revealed plans to upscale registration process for data controllers and data processors, introduce a definite calendar for filing annual Compliance Audit Returns and strengthen its regulatory frameworks for DPCOs as well as issue sector-specific guidelines particularly for financial and telecom sectors.
He said: “At the core of the NDPR is the essence of respect – respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA.
“The change in legislation is not merely an addendum to the nation law books but a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation.
“The move to make data protection a statutory requirement means every organization, big or small, must cooperate with government and also ‘walk the talk’ in the interest of our dear nation.
“This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape.
‘Data Protection Act will boost Nigeria’s economy’
The Association of Licensed Data Protection Compliance Organisations of Nigeria (ALDAPCON) said the Data Protection Act recently signed into law by President Bola Ahmed Tinubu will boost the country’s economy.
The Nigeria Data Protection Act, 2023 provides a legal framework for the protection of personal information, and the practice of data protection in Nigeria.
But in a statement ALDAPCON said the Data Protection Act would help enhance the data privacy and confidentiality of Nigerians, enable effective data flow, boost Nigeria’s steadily growing data protection industry necessitating new levels of skill sets and jobs that will impact significantly on the economy and protect the country’s data sovereignty as well as enhance GDP.
The new law, according to the association, will also ensure better clarity in the roles of data processors and data controllers.
The new law also establishes the Nigeria Data Protection Commission and replaces the Nigeria Data Protection Bureau (NDPB) established by President Buhari in February 2022.
Led by the National Commissioner, Dr Vincent Olatunji, the Commission is charged with the responsibility for regulating the practice of data protection amongst others.
ALDAPCON lauded Tinubu for signing the Nigeria Data Protection Bill, 2023 into law.
“We want to commend Mr President for this progressive Act. We congratulate Nigerians and particularly note the great works put in by your agency to ensure this bill is passed,” said Chairman of ALDAPCON, Ivan Anya.