BY SEUN JOSEPH
The Federal Government through the National Information Technology Development Agency (NITDA), has pledged to create a multi-billion business opportunities for Nigerians through deepening data protection implementation in the country.
While briefing stakeholders and journalists at its National Privacy Week and its 2021 vision in Abuja, the agency’s Director General, Mallam Kashifu Abdullahi, reminded data controllers and processors that the deadline for the filing of their annual data audit report is 15th March.
He acknowledged that NITDA is awaiting the passage of the Data Protection Bill which is before the National Assembly, stressing that non-filing of the audit report remains a punishable offence.
The DG said: “Permit me to present some of our visions for 2021 as follows: Development of sectorial implementation toolkits – The objective here is to get sector stakeholders to agree on a single, workable template for compliance in their sector.
“Standardization of NDPR courses and training – We shall engage vigorous and experienced Nigerian based institutions that would help us standardize and accredit data protection and information security training and certification.
“We hope to develop a multi-billion naira sector that would create thousands of jobs for trainers, content providers and other professionals.
Abdullahi, acknowledged that the year 2020 was a year like no other, as it was characterized by a wave of global pandemic with its attendant mishaps.
On the regulation for the implementation of Data Protection, he said: “I am most delighted to welcome you to this virtual press conference, which is intended to give Nigerians an update on where we are in terms of the Data Protection Regulation implementation and our projections for 2021.”
According to him, NITDA had issued a draft Data Protection guideline since 2013, with the objective of providing a basic law to guide the use of data in the digital space.
However, when the EU GDPR was issued in 2016, the then Director General of NITDA, Dr. Ibrahim Pantami, who is now the Minister supervising the Communications and Digital Economy Ministry constituted a team to review the draft guideline in the light of global developments and also to provide Nigerians with a practicable law for its implementation.
The team, he added, made a couple of brilliant recommendations and got necessary assistance from law firms, GDPR consultants and some multinationals that made inputs through the NITDA rule making process.
After exhausting the consultative process, the agency issued the Nigeria Data Protection Regulation (NDPR) on 25th January, 2019, the DG said.
According to him, the NDPR, is designed to meet the global, especially GDPR principles on data protection, and also provides unique and innovative implementation frameworks that have made it a point of reference in Africa and beyond.
Abdullahi, said: “Following the issuance of the regulation, NITDA has taken a number of steps in line with its implementation strategy. Permit me to summarize these steps as follows: Sustained public awareness, NITDA is not oblivious of the information deficit of most Nigerians as regards the issue of data protection.
“We realized that wielding the big stick without adequate awareness would lead to apathy and, or rebellion. Thus, our first task was to embark on a series of public awareness campaigns. We achieved massive media awareness between May and October 2019.
“So far, we are the first country in Africa to dedicate a whole week to public awareness on data privacy protection.”
According to him, NITDA first privacy week was held from 23rd – 28th January, last year, adding that on a regular basis, the agency issued press statements and opinions.
As an organization, he said NITDA officers have made presentations in over 105 events, workshops and seminars since 2019. Also, we have treated 1,200 questions, requests for clarification and other inquiries from the public on the issue of data protection.
Through our implementation committee, we have organized media executives’ training and workshops for Data Protection Compliance Organizations (DPCOs), Data Protection Officers (DPOs), Data Breach Investigation Team (DBIT), Police Enforcement Team (PET) and select NITDA staff, in-house workshop for major multinationals, regulators and industry associations, the DG, said.
On the implementation structure, he explained that NITDA has created a unique implementation structure for the NDPR, unlike the GDPR and other laws, NDPR creates a set of licensees who have proven expertise in data protection implementation. These DPCOs are licensed to provide data protection compliance, audit, training and related services to all data controllers and processors. So far, we have licensed seventy DPCOs and have received many more applications which are currently being treated.
“This strategy has recorded compliance from many organizations than could be imagined. For instance, our audit reports for the period 2019-2020 shows the percentage of compliance among the number of filing entities.
“These sectors includes: Financial Services – 35%, fast moving consumer goods – 14%, energy – 10%, consultancy – 9%, ICT – 8%, transport and logistics – 5%, others – 19%. However, with the direction we are moving on NDPR audit compliance filing, we are very glad that we have set out in the right way.
“Our strategy of licensing DPCOs is yielding bounteous fruits as Nigeria now has more data protection experts per capita than any other African country.
“Survey also reveals that wealth is being generated through the DPCO scheme. Interestingly, this aligns with President’s Muhammadu Buhari’s vision to diversify the economy, create sustainable jobs and develop the digital economy.” Abdullahi, said.
Aside from the compliance focus, he further added that NITDA has inaugurated the Data Breach Investigation Team (DBIT). This team according to him, is made up of IT Professionals, Lawyers and the Police Force. Their assignment is to investigate allegations of breach and make recommendations of actions to be taken on each case, through the implementation committee.
The DG, said: “The Police team is also empowered to invite, arrest, interrogate and prosecute erring offenders, while the Legal and Political Structure for Sustainability.
“NITDA, through the support of its parent Ministry, has done a lot to give legal and political credence to the NDPR. Section 6(c) of the NITDA Act 2007 mandates the agency to develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information.
“Here, NITDA’s strategy is to create a workable, credible implementation process that would assist the National Assembly in its quest to pass a Data Protection Bill.
“We are proud to say the NDPR implementation has the most robust consultative process in our recent history as a nation. This local content or indigenous approach has deepened the NDPR more than we could have imagined.”
On strategic steps being taken by NITDA to continue the strengthening of the NDPR implementation in Nigeria, he said: “In March 2020, NITDA, on the recommendation of the Minister was selected as a member of the technical working group on Data Protection Laws Harmonization and Localization in Africa hosted by the African Union Commission with support from the European Union (EU) Commission. Nigeria was appointed as the Vice Chair of this very important group.
“The confidence reposed in us by the African and European Unions has been justified by our experiential, collegial and intellectual inputs to the process which has endeared us to our sister countries. The import of this is that, NITDA has begun to open the doors for our private sector players to venture to other countries to replicate the moderate success we have achieved thus far. One of our DPCOs organized the 1st Africa Data Protection Conclave that had speakers and attendees from all over Africa and beyond.
“In December 2020, NITDA was appointed as full member of the Common Thread Network (CTN). CTN is a network of Commonwealth nations’ data protection authorities. The CTN is hosted by the UK Information Commissioner’s Office. This strategic alliance would provide needed support in capacity development, mentoring, and cross border enforcement. The impact of this development will be amazingly limitless.
“While we await the passage of the Data Protection Bill, NITDA will continue to lay necessary structures to deepen data protection implementation in Nigeria.”
On agency’s visions for 2021, he harped on the development of sectorial implementation toolkits, the objective according to him, is to get sector stakeholders to agree on a single, workable template for compliance in their sector.
He added: “Standardization of NDPR courses and trainings – We shall engage vigorous and experienced Nigerian based institutions that would help us standardize and accredit data protection and information security training and certification.
“We hope to develop a multi-billion naira sector that would create thousands of jobs for trainers, content providers and other professionals.
“We are also going to rejig our enforcement mechanism to improve compliance. COVID-19 slowed down our enforcement vision in 2020, but we are going to redouble our efforts in this direction as data protection has become a pivot for the continued growth of the digital economy.
“Like every other noble task, the implementation of the NDPR has been faced with some challenges. For instance, our publicity and awareness still needs more improvement.
“We will work more with you, the media to upscale our efforts. Another issue is capacity. While we have a few very dedicated staff, we still need a lot of capacity development and cross-breeding of ideas. We hope to get more partnership and support this year in order to fill this gap.
“Our current efforts at enforcement are salutary but not nearly enough. We are considering all options to ensure we do not kill businesses, while also ensuring businesses do not kill Nigerians through wanton abuse of their data.”
He reminded all data controllers and processors that the deadline for the filing of their annual data audit report is 15th March, 2021. Non-filing is a punishable offence and we are set to fully enforce this provision this year.