As digital technology becomes more preponderant in Nigeria, data privacy and security concerns of consumers have become serious issues.
SystemSpecs, foremost technology company and developer of Remita, Human Manager and Paylink digital solutions, has brought these issues to the fore during a recent web event on data privacy and the implications of the Nigeria Data Protection Regulation (NDPR) for financial technology stakeholders, organized by FinTechNGR.
During the event, experts emphasized the need for fintech companies to be conversant with data regulations, keep customer data safe and ensure security across all their products and service touch points.
Issued by the National Information Technology Development Agency (‘NITDA’) in January 2019, the NDPR is the main data protection legislation in Nigeria. Made by virtue of the National Information Technology Development Agency Act 2007 (‘the NITDA Act’), it authorises the NITDA to develop guidelines in relation to the exchange of data and information.
The NDPR is also Nigeria’s most comprehensive legislation on the protection of personal data.
It governs the control and processing of personal data of natural persons residing in or outside Nigeria but of Nigerian descent.
According to experts at the event, the regulation also provides guidelines for the roles of the various parties involved in the management and protection of data in Nigeria.
These include the Data Subject (owner of the data), Data Controller (an organization that determines the purposes and means of personal data processing), Data Processor (a legal entity that processes personal data on behalf of the data controller), and the Data Regulator whose responsibility is to monitor the data management process to prevent the violation of the rights of the Data Subject.
According Head of Enterprise Risk Management unit at SystemSpecs, Gbenga Oludaisi, who represented John Obaro, the company’s CEO at the event, the NDPR requires that data processing fulfils certain conditions.
These include the need for the purpose of processing the data to be recognised by regulation and be in the interest of the public as well as the data subject, consent of the data subject, and the performance of an obligation under a contract to which the subject is a party.
“Regulation demands that data controllers ensure that they conduct data audit on a yearly basis and file the result of the audit with NITDA,” Oludaisi said.
The SystemSpecs representative further elucidated on the rights of the data subject with regards to the NDPR.
These include access to data, right to request for modification, right to request for restriction, and right to port from one controller to another.
Other speakers at the event include Abiola Abimbola, Director, Information Security, Nethost Limited, Yetunde Olasope, Head, Legal & Compliance unit, Maxut Consulting Limited’s Data Protection Practice, Franklin Akinsuyi, Director/Chief Data Protection& Privacy Compliance, Data Analytics Privacy Technology, Ltd (DAPT), and Oyesola Diya, Associate, Aelex Legal.