…2024 data protection award to hold February 4
By Dele Ogbodo and Victoria Onyisi
The National Commissioner/CEO, Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, on Sunday assured that the Commission will not allow any organization in the country to treat Nigerians as 2nd class citizens when it comes to respect for the data privacy of citizens.
Olatunji, who sounded the warning at the Global Data Privacy Day which is simultaneously celebrated across the globe said failure of any organization to obey Nigeria’s data protection law will attract penalties.
According to the National Commissioner, it is important to reiterate the purpose of the efforts of the Comission which is protecting lives and livelihoods in a world of phenomenal disruptions, towards ensuring that everyone plays their roles in this critical task if we identify them and know how their activities impact citizens and the economy.
This is why registration of data controllers and data processors of major importance is sacrosanct, he said.
“We must ensure that dark web barons and criminal exploiters of personal data do not make Nigeria a haven–for want of cooperation among bona fide data owners and data users.
“Those who choose the crime must do the time.” As members of the 4th Estate of the realm, the nobility of your profession depends on an ecosystem that respects the rights of citizens.
On collaboration, he said It is, thus, in our collective interest to work together to secure Nigeria’s present and future in the frontiers of the 4th Industrial Revolution.
While expressing excitement at the Commission’s achievements within a year, he said: “We have already achieved 2 of the 3 most challenging targets of the 5 year roadmap, adding that the enactment of a principal legislation on data protection, the Nigeria Data Protection Act (NDPA), 2023 was a major turning point in Nigeria’s Data Privacy and Protection journey.
“We can only ensure that everyone plays their roles in this critical task if we identify them and know how their activities impact citizens and the economy.
This is why registration of data controllers and data processors of major importance is sacrosanct.
We must ensure that dark web barons and criminal exploiters of personal data do not make Nigeria a haven–for want of cooperation among bona fide data owners and data users.
“We must salute the vision of President Bola Tinubu who saw the importance of the law to the current administration’s priorities and signed the Nigeria Data Protection bill into law barely 12 days of assuming office.”
“Through the law, the Nigeria Data Protection Commission, he said was formally established as a statutory successor to the Nigeria Data Protection Bureau.”
Significantly, Olatunji, added that the Act fulfils our treaty obligation to establish an independent supervisory authority and put in place adequate safeguards of data protection as provided under the 2010 ECOWAS Supplementary Act on Personal Data Protection and Malabo Convention of 2014 on Cybersecurity and Data Protection.
“It is worthy of note that NDPA not only codified fundamental safeguards for privacy as intended by the Constitution, it also ensures that whenever the provisions of other Acts, laws or regulations are in conflict with the provisions of the NDPA as far as the processing of personal data is concerned, the provisions of the NDPA shall prevail.” He said.
However, he explained that awareness remains a challenge to attaining the remaining 1 of the 3 even as he added that this also resonates with the need for capacity building.
Olatunji, said: “The Commission, as you know, is keen on building a globally competitive pool of Data Protection Officers who will be able to discharge the duties required of them under section 32 of the NDPA.
“We have identified at least 500,000 data controllers and data processors who need qualified DPOs in order to meet their obligation under the law. We cannot afford to subject this pool to compulsory foreign certifications as this will put pressure on our local currency and defeat the aims and objectives of Federal Government’s Executive Orders 003 and 005.
“Rather, we have concluded arrangements for the licensing of an indigenous certification body with global standard and international spread to fill the gap. This is in addition to the invaluable efforts of the Commission in building internal capacity of staff in collaboration with various stakeholders such as the Identity for Development project office in Nigeria, European Commission, and Smart Africa, among others.
“Suffice to state that we have taken some organisations in the Academia, Private sector, Ministries, Department and Agencies of government though data protection induction trainings to introduce them to basic data protection ethics and practice with the aim that they would put in place measures to build on our modest efforts.”
Another profound achievement according to the Data boss, is the breaking of new grounds in regulatory oversight of the ecosystem, adding: “We have inaugurated the Nigeria Data Protection Act-General Application and Implementation Directive (GAID) Drafting Committee.
“It is worthy of note that our technical experts at the Commission are already driving this process in collaboration with stakeholders from the industry. This is a testimony of the Commission’s investment in capacity building and knowledge exchange programmes with sister regulators in other jurisdictions.
“Under the GAID, the Commission is bringing attention and legal guidance to critically emerging areas of Data Protection and Artificial Intelligence, Data Ethics and Cross-Border Data Flows among others.
“We are leveraging collaboration with other regulators in order to achieve systemic impact in different sectors. We have existing Memoranda of Understanding with regulators such as the Federal Competition and Consumer Protection Commission (FCCPC) and the Nigeria Institute of Transport Technology (NITT) while others such as the Central Bank of Nigeria, National Lottery Regulatory Commission, National Health Insurance Authority, and Small and Medium Enterprise Development Agency, Committee of Vice Chancellors and National Board for Technical Education amongst are ongoing.
“At the international level, we are working with other Data Protection Authorities across Africa, the Federal Trade Commission of the United States while arrangement for an MoU is currently ongoing with the Information Commissioner’s Office in the United Kingdom with focus on four major areas namely, Knowledge Exchange on Data Privacy and Protection; Mutual Legal Assistance on Investigation of Data Breaches; Mutual Legal Assistance on Enforcement of Transborder Decision; and Mutual Legal Assistance on Intergovernmental Information Sharing.”
In the area of complaints and investigations, he said the Commisssion has received over 1000 complaints and after thorough review, 50 have been verified and investigations are currently ongoing on 17 major cases covering several sectors such as Finance, Technology, Education, Consulting, Government, Logistics and Gaming\Lottery among others.
Through remedial actions for completed cases, we have generated over N400 millionaira revenue for government, he said.
Still on achievements, he added…In addition, to foster compliance, we have increased the number of Data Protection Compliance Organizations from 103 to 163. As a result of this, annual audit filing has increased to over 2000 per annum while the cumulative revenue in the sector is estimated at 6.2 Billion and approximately 10,100 jobs have been created so far.
“It is also worthy of note that Nigeria has now been admitted to the Global Privacy Assembly made up of about 130 countries. This is in addition to being an active member of the Network of African Data Protection Authorities (NADPA). Membership of the organisations is a credence to our international recognition and the modest traction we have garnered in the data protection ecosystem in Nigeria.
“In the coming days, we shall commence massive awareness for all data controllers and processors to register with the Nigeria Data Protection Commission. This is a major requirement under section 5 (d) of the Nigeria data Protection Act and non-compliance will be treated as a breach under the law.
According to him, a comprehensive outline of our progress and next steps will be made public though the Nigeria Annual Data Protection Report that would be released at the Annual Anniversary and Award Ceremony scheduled to hold on the 4th of February, 2024.
In line with our tradition, this week, beginning from today 28th of January, 2024, is designated as National Privacy Week.
“We shall be hosting a number of events including but not limited to a capacity building programme, a policy dialogue, the grand finale of our privacy hackathon, Adopt-a-School sensitization events and the 2nd year Anniversary\Award Dinner.
“We must extend our profound gratitude to Dr. Bosun Tijani, the Minister of Communications Innovation and Digital Economy for the unwavering support the Commission has enjoyed under his dynamic leadership.”
He reiterated that the National Data Protection Strategic Roadmap and Action Plan 2023-2027 (NDP-SRAP) comprises 5 pillars and 69 initiatives. The pillars are: Governance, Ecosystem and Technology, Human Capital Development, Collaboration and Cooperation, Funding and Sustainability.
These pillars according to him are in consonance with the 8 presidential priorities targeted by President Bola Ahmed Tinubu and the Strategic Plan of the Federal Ministry of Communications, Innovation and Digital Economy under the able leadership of Dr. Bosun Tijani.