Association of Telecommunication Companies of Nigeria (ATCON), has called on organisations to implement the Nigeria Data Protection Regulation 2019, to guard their businesses against the activities of cyber criminals.
On 25 January 2019, the NDPR was issued by the National Information Technology Development Agency (“NITDA”), the ICT regulator for the nation.
The President of ATCON, Engr. Olusola Teniola, reiterated that NDPR aims at protecting and guarantying the safety of all users of web from the unscrupulous people who use their knowledge to defraud and cheat people who are genuinely transacting business over different websites (public and private).
Engr. Teniola was speaking during a virtual meeting put together by ATCON in conjunction with NetHost Nigeria Limited to create awareness and encourage members of ATCON to implement the Nigeria Data Protection Regulation.
He said, “ATCON partners with this company in order to prevent our members from running against the Nigeria Data Protection Regulation 2019.
“As we all know the Regulation aims at protecting and guarantying the safety of all users of web from the unscrupulous people who use their knowledge to defraud and cheat people who are genuinely transacting business over different websites (public and private).
“It should also be emphasized that data is now the new gold and it must be treated accordingly, ATCON embarked on the awareness and implementation of the data protection regulation because of its strategic importance to our members businesses and to reduce or prevent cybercrimes by ensuring the safety and protection of Nigerians digital details on the world wide web as the failure to give adequate protection to data could be very devastating and costly to individuals and businesses.
“We commend Mr Inuwa Kashifu Abdullahi, Director General/CEO, National Information Technology Development Agency (NITDA) for putting the document together for the benefits of Nigerians who have moved their physical transactions online.
In his presentation, Dr Abiola Abimbola, the director of Information Security at NetHost Nigeria Limited, a Data Protection Compliance Organization (DPCO), emphasised why every organisation should incorporate NDPR guidelines in their data management policies.
He stressed that “personal data” in NDPR is similar to that of other African countries and the General Data Protection Regulation (GDPR).
He said that by definition, personal data further provides examples of personally identifiable information and includes MAC addresses, IP addresses, IMEI numbers, IMSI numbers and SIM numbers. NITDA considers that the personal data of deceased data subjects falls within the scope of the Regulation and can be enforced by their estate.
Similarly, the concept of “processing” is broadly construed and it includes inter alia data collection, recording or consultation.
This means, for example, that any operation tending to anonymise personal data, through encryption, anonymisation, pseudonymisation, hashing, scrambling prior to using the data for behavioural analyses or statistics, constitutes a processing activity and falls within the scope of the regulation.
he said the same applies to any remote access or remote visualisation by, for instance, an IT support service provider, even if the data is not hosted on its systems.
He encouraged organisations to engage Data Protection Compliance Organisations (“DPCOs”) which are consulting firms, audit firms, law firms etc, that have been licensed by NITDA to provide training, auditing, and consulting services throughout the country.