The National Information Technology Development Agency (NITDA) has recorded tremendous achievement by creating 2,686 new jobs, according to the statistics showing in the Agency’s first Annual Nigeria Data Protection Regulation (NDPR) Performance Report 2019-2020.
The Report unveiled by Honourable Minister of Communications and Digital Economy, Dr Isa Ali Ibrahim Pantami), has shown that NDPR met the need of the Nigerian environment; indicating that 76% of Data Protection Compliance Organisations (DPCOs) has helped the country in their compliance with the regulation.
Dr Pantami expressed his satisfaction on how NITDA provided requisite support for industry adoption of the NDPR, adding that “I have reviewed the report and I am proud to see that we have through the NDPR, 2,686 job roles, thereby creating massive opportunities for young Nigerians to be recruited as Data Protection Officers, Data Protection Compliance Organisations, Compliance officers among others.
“The DPCOs have also earned over N2 billion in the first year of implementation. This is the intent of our digital economy policy- empowering Nigerians in a way that ensures global competitiveness,” the Minister said.
According to the Minister, NDPR is part of the implementation of National Digital Economy Policy and Strategy (NDEPS) which has eight pillars – Developmental Regulation; Digital Literacy & Skills; Solid Infrastructure; Service Infrastructure; Digital Services Development & Promotion; Soft Infrastructure; Digital Society & Emerging Technologies; and Indigenous Content Development & Adoption.
“The NDPR falls under the first pillar – Developmental Regulation. The objective of this pillar is to ensure an effective regulatory oversight and securing of the information, communication, technology and digital economy space to engender accelerated and inclusive development,” he added.
While making a his remark, the Director General of NITDA, Mallam Kashifu Inuwa Abdullahi, stated that the goal of the report is to give all stakeholders the opportunity to understand how the Agency has fared in the implementation of the NDPR, adding that understanding between industry players would generate further research and provide guidance to other regulators, partners, data controllers, data processors and other stakeholders.
He said NITDA made a compilation of all the organisations who filed their annual audit report for the year 2019.
“Submission of an audit report does not conclusively indicate compliance with all tenets of data protection, this list shows organisations who have complied with the audit filing requirement of the NDPR, which is a key milestone towards compliance. It is important to note that non-filing of the NDPR audit report is a breach of the Regulation,” he said.
Mallam Kashifu added that, “the Report, being the first of its kind is aimed at highlighting key initiatives, successes and challenges of implementing the Regulation. The NDPR being a flagship of the NDEPS, is expected to be used as a learning curve for Nigeria and Africa on how to effectively implement global laws with due consideration of local peculiarities and opportunities.”
The NDPR was issued on 25th January, 2019 pursuant to Section 6(a,c) of the NITDA Act, 2007. The Regulation covers every person subject to the laws of Nigeria, whether resident in Nigeria or not.
It is aimed at safeguarding the rights of persons to privacy; fostering safe conduct for the transactions involving the exchange of personal data; preventing manipulation of personal data; and ensuring that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework.
Since the issuance of the NDPR, Nigeria has turned a significant corner in her drive towards the maturation of the Digital Economy.
The level of compliance is growing as shown in a key compliance indicator which requires the filing of a data audit report by every data controller and processor. Article 4.1(5) of the Regulation requires the filing of an initial data audit report and a subsequent annual audit report by every data controller and processor.
This process has helped NITDA to have an overview of the state of data governance in the reporting entity while also helping government understand requisite intervention points to improve data governance, cyber-security and privacy protection.
In the year under review, NITDA served 51 enforcement notices on data controllers who are perceived to have breached the provisions of the NDPR.
Also, 180 compliance notices were served on Ministries, Departments and Agencies of government, one of which is the Lagos Internal Revenue Service (LIRS) breach.
The LIRS was found to have exposed the personal data of some taxpayers in the process of harmonising historical tax data. NITDA initiated an investigation on LIRS and its major data processor.
A fine of One Million naira (N1,000,000.00) (over $2,500) was imposed on the LIRS.
The decision on fine value was reached after considering the cooperation and prompt remedial actions taken by the LIRS in the course of the investigation.
On the other hand, NITDA has commenced investigation into the activities and operations of seven (7) data controllers as part of its enforcement drive.
The Agency is being mindful of the implications of negative publicity on business, hence refrained from making public statements on breach until the legal and procedural basis has been established.