Nigeria Data Protection Act 2023: A Transformative Stride Towards An Improved Data Processing Ecosystem – NDPC Assures
The Nigeria Data Protection Commission (NDPC) has voiced its concern over the interpretation of the Nigeria Data Protection Act (NDPA) 2023 by a cross section of Nigerians.
President Ahmed Bola Tinubu on June 12, 2023 signed the Nigeria Data Protection Bill, 2023, into law.
The Nigeria Data Protection Act 2023 provides a legal framework for protecting personal information and the practice of data protection in Nigeria.
Amid the excitement and elation that greeted President Tinubu’s approval, there are growing concerns that Nigerians are very much at sea with regards to what the Data Processing System does entail.
Speaking at a Press Conference in Abuja on Monday, June 19 2023, the National Commissioner, Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji stated that the regulation constitutes the missing piece of the jigsaw as the nation looks to put in place the building blocks of a sustainable Digital Economy.
He added that having a principal law would offer Nigeria the opportunity to do business with other nationals who prior to this period might have been sceptical about the safety and protection of data in the country.
He further remarked that the implementation of the Nigeria Data Protection Act 2023 requires a whole-of-society approach towards achieving a new era of data protection where respect for personal data becomes an integral part of the national ethos.
“The move to make data protection a statutory requirement means every organization, big or small, must cooperate with the government and also ‘walk the talk’ in the interest of our dear nation.
“This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape.
“This journey towards nationwide compliance will be guided by several key initiatives and future developments. Within the last two quarters of this year, we are vigorously pursuing the following targets:
Public Awareness Campaigns: We understand that awareness is the first step towards compliance. Therefore, we will be expanding our active public awareness campaigns to educate and empower organizations and individuals as regards their roles, rights, and responsibilities under the Act.
Development of Implementation Framework: Standardization is vital. Hence, we will be developing a standardized framework for implementation, ensuring consistency and clarity across all sectors. This will involve guidance notices on key provisions of the law particularly those that relate to the lawful basis of data processing, data subjects rights, compliance audit returns and cross-border data transfer.
Capacity-building for Data Protection Officers (DPOs): Our DPOs are the frontline soldiers in this endeavour. We will improve capacity-building opportunities for DPOs enrolled under the National Data Protection Adequacy Programme (NaDAP), thereby enhancing their ability to lead their organizations towards compliance.
Issuance of DPCO Practice Guidelines and Sectorial Guidance Notices: We will strengthen our regulatory frameworks for DPCOs and issue sector-specific guidelines particularly for financial and telecom sectors. The objective is to provide agile frameworks that address peculiar vulnerabilities, risks and opportunities on the one hand, and on the other hand provide a clear path for compliance. Considering the increase in the demand complainces services, more DPCOs will be licensed to provide services and make the ecosystem competitive.
Upscale of Registration Process: In the digital age, ease of processes is crucial. We will upscale the registration process for data controllers and data processors, simplifying compliance pathways and encouraging participation.
Compliance Audit Filing Calendar: We will also introduce a definite calendar forfiling annual Compliance Audit Returns. Our target is January to December. Organizations will have the opportunity to file within the first quarter of each. The current dispensation of compliance under NDPR will be completed and only those who are compliant will be eligible for inclusion on the NaDPAP Whitelist. This will also enable organizations to be up-to-date with their compliance obligations.