Steps To Compliance With The Nigerian Data Protection Regulation

Data is the new oil. Through the ages, information has always been a weapon, especially in the world of business. Consumer data in particular is needed for organizations to know their stance, scope out the opposition, and market themselves. This is where NDPR compliance comes in.

Without the regulation of personal data, the world as we know it may cease to exist. Think about it: how exactly do pharmaceutical companies know the pain points of the masses? Definitely with consumers’ personal data. 

Just as personal data is used for good reasons, there are also negative uses. Unfortunately, data is exposed to numerous threats, such as loss, unauthorized access, and compromise. The most dire consequences of data compromise include targeted attacks, impersonation, and fraud.

Steps To NDPR Compliance

As a well-defined step towards data protection in Nigeria, the NDPR (Nigerian Data Protection Regulation) was established in 2019.

A Quick Overview of The Data Protection Law In Nigeria

The NDPR was the Nigerian data protection law. It was established to protect the data of Nigerian citizens, both at home and abroad. It functioned well, but it lacked proper legislative power and enforcement.

In 2023, it was replaced with a more comprehensive law, the Nigerian Data Protection Act (NDPA). The NDPA was more like it—an adaptation of Europe’s General Data Protection Regulation (GDPR). It covered everything from the duties of data controllers and processors in safeguarding data to sanctions and penalties to the rights of data subjects.

Now, organizations have to comply with these laws to achieve premium data protection practices.

Why is NDPR compliance important?

In medieval times, kingdoms had defense systems like moats, walls, and soldiers to keep out enemies. All individuals visiting or conducting business in the kingdom had to adhere to the rules. It was an intricate plan that required strict follow-through.

In the modern day, countries now enact laws like the GDPR and the Nigerian NDPA. But why should organizations know about NDPR Compliance?

Fines

Firstly, you must know that the Nigerian Data Protection Regulation is capable of imposing fines on defaulting organizations. They may have to pay up to 2% of the annual global turnover or NGN 10 million, whichever is higher.

Sanctions

Another thing you must know is that the NITDA can revoke the licenses of organizations that fail to comply with the data protection regulation. Temporary or permanent bans can be placed on such entities.

Civil Liabilities

Also, the defaulting organization can be liable for all the damages inflicted on data subjects.

Loss of Trust

Another reason is loss of trust. Non-compliance with the NDPR can lead to fatal data loss or compromise. In turn, the reputation of the organization will be ruined, leading to trust loss within the consumer community.

Increase in Clientele

Also, organizations that comply will be included on the NDPB website. This act will prove the organization trustworthy. More clients will be attracted.

Reduced Data Loss

Lastly, with strict compliance, there is a drastic reduction in the risk of data loss. For a broader perspective on what data protection regulation is, you can also read about GDPR compliance.

Requirements for NDPR Compliance

Data protection and privacy are enforced in Nigeria by the NDPB (Nigerian Data Protection Bureau). Here are some of the criteria necessary to show compliance. 

– Filing an annual data protection audit with the NDPB through a licensed DPCO

– Conducting data protection impact assessments in accordance with the NDPR

– Notifying the NDPB of personal data breaches within 72 hours of awareness

– Processing data only for legal and lawful purposes.

– Designing systems to help data subjects connect to another platform easily and at minimal cost

– Clearly communicating the process for objecting to personal data processing to data subjects

– Implementing processes to help subjects correct their personal data

– Updating agreements with third parties toward NDPR compliance

– Preparing and publishing a privacy policy on every medium of data collection in line with Article 2.5 of the NDPR

– Informing data subjects of developments needing new or different consent.

– Developing an internal data protection strategy to help staff and vendors understand data processing.

6 Steps To NDPR Compliance That You Should Know

Step 1: Know What You Are.

According to the NDPR, your organization can either be a data controller or a data processor. A data controller is an entity that determines the purpose of data processing. Only the data controller can dictate how data is collected, handled, processed, and stored.

Also, under the Nigerian Data Protection Regulation, controllers are most responsible for compliance. A data processor is simply a third-party entity that processes personal data on behalf of the controller.

Step 2: Assess Your Organization

Now you’ve established who you are and your obligations toward data protection. It is necessary to step back and take a bird’s-eye view of your organization.

Are your data protection practices up to par? Do you collect data in strict adherence to the NDPR? Are the data subjects aware of the entire procedure? Did they consent? Who has access to stored personal data? Etc. These questions should be asked to know where you stand.

Step 3: Control The Problems

Once you have steps 1 and 2 figured out, you need to address the identified problems. Do you have problems with data collection? Find ways to fix them. Can’t store personal data appropriately? Consider encryption technologies. Find out the best data protection practices for your organization.

Step 4: Appoint a DPO (Data Protection Officer)

A DPO oversees the data protection compliance of an organization. Just like the GDPR, the NDPR mandates data controllers and processors of “importance” to have a DPO. However, organizations without the resources can outsource one from a Data Protection Consultancy.

What are the functions of a data protection officer?

– Offers guidance towards compliance with the NDPR and similar laws

– Serves as a point of contact for the NITDA for the organization

– Conducts Data Protection Impact Assessments (DPIAs)

Step 5: Submit Your Reports

Data controllers processing data from over 1,000 data subjects in 6 months need to submit a soft copy of the audit to the NITDA. The same applies to controllers handling over 2,000 data subjects in 12 months, only theirs is yearly.

What should the audit contain?

1. Detailed description of data processing activities: data collected, its purpose, and with whom it is shared.

2. Specific information on the data protection policies of your organization

3. Proof of NDPR compliance: DPIA records, evidence of data subjects’ consent, etc.

4. Results of risk assessments and internal audits conducted. Compliance reviews should also be included.

Step 6: Train Your Staff

Lastly, a sound data protection system is not complete without proper staff education. All personnel should be trained on data protection, its importance, and ultimately, compliance with the NDPR. You can trust us at Johan Consults to help train your staff on data protection and compliance.

Conclusion

In conclusion, safeguarding data is important to all parties involved, particularly the data subjects. This birthed the NDPR, NDPA, GDPR, and other data protection laws around the world.

Compliance with the NDPR is a sure way to ensure your organization is on the right track to data protection. Follow the steps included to achieve full compliance.

As straightforward as it seems, many organizations fall into the categories below:

1. Do not know what data protection is.

2. Know about data protection, but are non-compliant

3. Willing to comply with data protection regulations but don’t know how

4. Understand data protection, aware of the NDPR and similar laws, but need external help.

If you fall into any of these groups, JOHAN CONSULTS is the agency for you. You can visit our website to begin your data compliance journey.


© Johan Consults Limited Nigeria 2024. All rights reserved. Johan Consults Limited Nigeria.