Nigerian Government through the National Information Technology Development Agency, NITDA, has reminded all data controllers and processors in the country that the deadline for the filing of their annual data audit report remains 15th March, 2021.
The Director-General of NITDA, Abdullahi Inuwa, warned that non-filing of the report is a punishable offence which the agency is set to fully enforce this year.
This was contained in the DG’s opening speech at the National Privacy Week 2021 press conference and the unveiling of the week’s activities.
The press conference, according to the DG was intended to update Nigerians on where NITDA is in terms of the Data Protection Regulation implementation and its projections for 2021.
Recall that the agency had issued a draft Data Protection Guideline since 2013, with the objective of providing a basic law to guide the use of data in the digital space.
However, when the EU GDPR was issued in 2016, the then Director General of NITDA, Dr. Isa Ali Ibrahim Pantami, constituted a team to review the draft guideline in the light of global developments and also to provide Nigerians with a practicable law for its implementation.
The team made a couple of brilliant recommendations and got necessary assistance from law firms, GDPR consultants and some multinationals that made inputs through the NITDA Rule Making process.
After exhausting the consultative process, the Agency issued the Nigeria Data Protection Regulation (NDPR) on 25th January, 2019.
The NDPR, is designed to meet the global, especially GDPR principles on data protection, and also provides unique and innovative implementation frameworks that has made it a point of reference in Africa and beyond.
The DG said that following the issuance of the regulation, NITDA has taken a number of steps in line with its implementation strategy.
According to him, this steps include: “Sustained Public Awareness.
He said NITDA is not oblivious of the information deficit of most Nigerians as regards the issue of data protection.
“We realized that wielding the big stick without adequate awareness would lead to apathy and, or rebellion. Thus, our first task was to embark on series of public awareness campaigns.
“We achieved massive media awareness between May and October 2019. So far, we are the first country in Africa to dedicate a whole week to public awareness on data privacy protection.
“Our first privacy week held from 23rd – 28th January, 2020, and on a regular basis, we issue press statements and opinions. As an organization, our officers have made presentations in over 105 events, workshops and seminars since 2019.
“Also, we have treated 1,200 questions, request for clarification and other enquiries from the public on the issue of data protection.
“Through our dynamic Implementation Committee, we have organized Media Executives’ training and workshops for Data Protection Compliance Organizations (DPCO), Data Protection Officers, Data Breach Investigation Team (DBIT), Police Enforcement Team, and select NITDA staff, in-house workshop for major multinationals, Regulators and industry associations.
“Implementation Structure NITDA has created a unique implementation structure for the NDPR. Unlike the GDPR and other laws, NDPR creates a set of licensees who have proven expertise in data protection implementation.
“These DPCOs are licensed to provide data protection compliance, audit, training and related services to all Data Controllers and Processors. So far, we have licensed seventy DPCOs and have received many more applications which are currently being treated.
“This strategy has recorded compliance from many organizations than could be imagined. For instance, our audit reports for the period 2019-2020 shows the percentage of compliance among the number of filing entities.
These sectors includes: Financial Services – 35%, Fast Moving Consumer Goods – 14%, Energy – 10%
Consultancy – 9%, ICT – 8%, Transport and logistics – 5%, Others – 19%.
”However, with the direction we are moving on NDPR audit compliance filing, we are very glad that we have set out in the right way.
“Our strategy of licensing DPCOs is yielding bounteous fruits as Nigeria now has more data protection experts per capita than any other African country.
“Our survey also reveals that wealth is being generated through the DPCO scheme. Interestingly, this aligns with President’s Muhammadu Buhari’s vision to diversify the economy, create sustainable jobs and develop the digital economy.
“Aside from the compliance focus, we have also inaugurated the Data Breach Investigation Team (DBIT). This team is made up of IT Professionals, Lawyers and the Police Force.
“Their assignment is to investigate allegations of breach and make recommendations of actions to be taken on each case, through the Implementation Committee.
The Police team is also empowered to invite, arrest, interrogate and prosecute erring offenders.
“NITDA, through the support of its parent Ministry, has done a lot to give legal and political credence to the NDPR. Section 6(c) of the NITDA Act 2007 mandates the Agency to develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information.
“Here, NITDA’s strategy is to create a workable, credible implementation process that would assist the National Assembly in its quest to pass a Data Protection Bill.
“We are proud to say the NDPR implementation has the most robust consultative process in our recent history as a nation. This autochthonous approach has deepened the NDPR more than we could have imagined.
“Permit me to shed light on some strategic steps being taken by NITDA to continue the strengthening of the NDPR implementation in Nigeria.
“In March 2020, NITDA, on the recommendation of the Honourable Minister of Communications and Digital Economy was selected as a member of the Technical Working Group on Data Protection Laws Harmonization and Localization in Africa hosted by the African Union Commission with support from the European Union Commission. Nigeria was appointed as the Vice Chair of this very important group.
“The confidence reposed in us by the African and European Unions has been justified by our experiential, collegial and intellectual inputs to the process which has endeared us to our sister countries. The import of this is that, NITDA has begun to open the doors for our private sector players to venture to other countries to replicate the moderate success we have achieved thus far.
“One of our DPCOs organized the 1st Africa Data Protection Conclave that had speakers and attendees from all over Africa and beyond.
“In December 2020, NITDA was appointed as full member of the Common Thread Network (CTN). CTN is a network of Commonwealth nations’ data protection authorities. The CTN is hosted by the UK Information Commissioner’s Office.
“This strategic alliance would provide needed support in capacity development, mentoring, and cross border enforcement. The impact of this development will be amazingly limitless.
While we await the passage of the Data Protection Bill, NITDA will continue to lay necessary structures to deepen data protection implementation in Nigeria.
“In light of the above, permit me to present some of our visions for year 2021 as follows: Development of sectorial implementation toolkits – The objective here is to get sector stakeholders to agree on a single, workable template for compliance in their sector.
“Standardization of NDPR courses and trainings – We shall engage vigorous and experienced Nigerian based institutions that would help us standardize and accredit data protection and information security training and certification. We hope to develop a multi-billion naira sector that would create thousands of jobs for trainers, content providers and other professionals.
“We are also going to rejig our enforcement mechanism to improve compliance. COVID-19 slowed down our enforcement vision in 2020, but we are going to redouble our efforts in this direction as data protection has become a pivot for the continued growth of the digital economy.
“Like every other noble task, the implementation of the NDPR has been faced with some challenges. For instance, our publicity and awareness still needs more improvement. We will work more with you, the media to upscale our efforts.
“Another issue is capacity. While we have a few very dedicated staff, we still need a lot of capacity development and cross-breeding of ideas. We hope to get more partnership and support this year in order to fill this gap.
“Enforcement is another sour point. Our current efforts at enforcement is salutary but not nearly enough. We are considering all options to ensure we do not kill businesses, while also ensuring businesses do not kill Nigerians through wanton abuse of their data.
“I want to use this opportunity to remind all data controllers and processors that the deadline for the filing of their annual data audit report is 15th March, 2021. Non-filing is a punishable offence, and we are set to fully enforce this provision this year.”