NDPR: An Overview of The Nigeria Data Protection Regulation
Organizations all over the world are facing a great challenge, “how to safeguard data”. The process of safeguarding data, known as data protection, is a delicate one. Companies, small, medium, and large, are exposed to data threats like cyberattacks, accidental loss, and compromise. Where the wrong persons access data, forgeries, targeted attacks, and impersonations are some of the consequences. This pushed countries—Nigeria included—to lay ground rules to guide organizations through protecting the data of their citizens. Examples are the NDPR, GDPR, UK GDPR, etc. In this article, you’ll learn all there is to know about the Nigerian Data Protection Regulation(NDPR) What is the NDPR? The full NDPR meaning is NIGERIAN DATA PROTECTION REGULATION. It is a set of rules guiding the protection of Nigerian data by organizations. The Nigerian Data Protection Regulation has four objectives, which are: Territorial scope of the NDPR Just like most data protection laws, its reach extends beyond Nigerian borders. The NDPR applies to any organization processing the personal data of Nigerian citizens (home or abroad), regardless of its geographical location. For instance, If an organization in the EU wants to process the personal data of a Nigerian citizen, it has to follow the NDPR. When was the NDPR Established? The establishment of the Nigerian Data Protection Regulation occurred in January 2019 by the National Information Technology Development Agency (NITDA). Who Regulates NDPR? In the initial stages, the NITDA was the regulatory body. However, there was a need to create a separate body for the NDPR. The NITDA was stretched beyond what was necessary. The Nigeria Data Protection Bureau (NDPB) was established as the regulatory body. The purposes of NDPB are: Principles of the NDPR The Nigerian Data Protection Regulation has some principles guiding organizations (data controllers) Consent Organizations must get the full consent of the data subjects before collecting, processing, and storing data. The subjects must give consent freely with no trace of foul play. The data subjects also have the right to withdraw their consent. Lawfulness Data can only be collected for lawful purposes. Organizations must clarify the reasons for data collection, processing, and storage. Such purposes should be clearly disclosed to the data subjects. Accuracy Another principle is Accuracy. All the data collected by organizations must be correct. Any inaccuracy should be rectified immediately. Data minimization Data collected can only be processed for the stated purposes. It is unlawful to process data for any reason contradicting the initial purposes. Security Organizations must take specific precautions to ensure data security. This includes measures against unauthorized access, disclosure, loss, and alterations of personal data. Rights of data subjects. Also, the NDPR has provisions for data subjects. Individuals have the clear right to halt the processing of their data. They can also request access, erasure, and correction. Differences between the NDPR and NDPA. NDPA stands for the Nigerian Data Protection Act. Its issuance was in February 2023. The NDPA is the current data protection law in Nigeria. Its issuance did not completely overrule the previous laws—NDPR and the Data Protection Bill. Rather, they were placed under its umbrella. While the NDPA covers most of the NDPR, it lacks the specificity of the latter. The major difference between the two lies in the definition of terms. In summary, the NDPA and NDPR are more similar than different. In times where there is a conflict between the two, the NDPA is supreme. NDPR and GDPR The Nigerian Data Protection Regulation (NDPR) and the General Data Protection Regulation (GDPR) are the regulations for data protection in Nigeria and the EU, respectively. When it comes to it, the penalties are different. Non-compliance with the GDPR comes with a fine of up to 4% of the annual global profit or €20 million, whichever is higher. The NDPR non-compliance penalty is less severe. A fine of up to 2% annual global profit or 10 million Naira, whichever is greater. Nigerian Data Protection Regulation is an adaptation of the GDPR. GDPR is more comprehensive, with a broader scope. In conclusion The Nigerian Data Protection Regulation is important for safeguarding data in Nigeria, and meeting international standards while addressing local needs. Compliance with the NDPR will help organizations avoid penalties and foster trust among the client community. Are you an organization looking to scale up your NDPR and GDPR compliance? You can reach out to us at Johan Consults and be sure to get the best.
