By Seun Adams
The National Commissioner, Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, has said disclosed that over seven banks and corporate entities paid fines amounting to over N200 million as a result of breaches of the country’s data protection and privacy laws.
Briefing the media on Monday in Abuja, on the implementation of the Act 2023, he reiterated that it is in the certainty of the law that the Commission can begin to put in place the building blocks of a sustainable digital economy.
He said: “To all intents and purpose, we have crossed a significant threshold in the frontiers of the 4th Industrial Revolution; we are now at the decisive arena where duty of care and standard of care expected of everyone in the data processing ecosystem are laid down in a principal legislation: the Nigeria Data Protection Act (NDPA) 2023.)
Olatunji, said President Bola Tinubu, has set an achievable target of creating 1 million jobs through the digital economy sector, adding that he has signed the data protection law that will inspire trust for jobs to be created.
On job creation, he said measures are being put in place to create 500, 000 jobs in data protection ecosystem, which is 50% of the job creation target for the sector.
According to him, at the core of the NDPR is the essence of respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA.
“The change in legislation is not merely an addendum to our law books; it is a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation.
“The move to make data protection a statutory requirement means every organization, big or small, must cooperate with government and also ‘walk the talk’ in the interest of our dear nation.
“This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape.
“This journey towards nationwide compliance will be guided by several key initiatives and future developments.” He said.
The Commissioner, pledged that within the last two quarters of this year, the Commission will vigorously pursue public awareness campaigns, putting into cognizance that awareness is the first step towards compliance.
He said: “We will be expanding our active public awareness campaigns to educate and empower organizations and individuals as regards their roles, rights, and responsibilities under the Act.”
On the development of implementation framework, he added that because, standardization is vital, that the commission will be developing a standardized framework for implementation, ensuring consistency and clarity across all sectors.
This will involve guidance notices on key provisions of the law particularly those that relate to lawful basis of data processing, data subjects’ rights, compliance audit returns and cross-border data transfer, he explained.
On training, he said: “Our DPOs are the frontline soldiers in this endeavour. We will improve capacity-building opportunities for DPOs enrolled under the National Data Protection Adequacy Programme (NaDAP), thereby enhancing their ability to lead their organizations towards compliance.
“Issuance of DPCO Practice Guidelines and Sectorial Guidance Notices: We will strengthen our regulatory frameworks for DPCOs and issue sector-specific guidelines particularly for financial and telecom sectors. The objective is to provide agile frameworks that address peculiar vulnerabilities, risks and opportunities on the one hand, and on the other hand provide clear path for compliance.”
Considering the increase in the demand of compliances services, more DPCOs will be licensed to provide services and make the ecosystem competitive, he added.
“Upscale of Registration Process: In the digital age, ease of processes is crucial. We will upscale the registration process for data controllers and data processors, simplifying compliance pathways and encouraging participation.
“Compliance Audit Filing Calendar: We will also introduce a definite calendar for filing annual Compliance Audit Returns. Our target is January to December.
“Organizations will have opportunity to file within the first quarter of each. The current dispensation of compliance under NDPR will be completed and only those who are compliant will be eligible for inclusion on the NaDPAP Whitelist. This will also enable organizations to be up-to-date with their compliance obligations.” The Commissioner said.
According to him, these initiatives underscore our commitment to ensuring that all Nigerian organisations become NDPA compliant, adding this is not just about following a new set of rules, but about embracing a new era of data protection where respect for personal data becomes an integral part of our national ethos.