The National Information Technology Development Agency (NITDA) has created a unique implementation structure for the Nigeria Data Protection Regulation (NDPR).
NITDA had issued a draft Data Protection Guideline since 2013, with the objective of providing a basic law to guide the use of data in the digital space.
However, when the EU GDPR was issued in 2016, the then Director General of NITDA, Dr. Isa Ali Ibrahim Pantami, constituted a team to review the draft guideline in the light of global developments and also to provide Nigerians with a practicable law for its implementation.
The team made a couple of brilliant recommendations and got necessary assistance from law firms, GDPR consultants and some multinationals that made inputs through the NITDA Rule Making process.
After exhausting the consultative process, the Agency issued the NDPR on 25th January, 2019.
The NDPR, is designed to meet the global, especially GDPR principles on data protection, and also provides unique and innovative implementation frameworks that has made it a point of reference in Africa and beyond.
Unlike the GDPR and other laws, NDPR creates a set of licensees who have proven expertise in data protection implementation.
The Director General of NITDA, Kashifu Inuwa Abdullahi speaking on the sideline of Privacy Week 2021, said that the licensees referred to as Data Protection Compliance Organizations (DPCOs) are meant to provide data protection compliance, audit, training and related services to all Data Controllers and Processors.
“So far, we have licensed seventy DPCOs and have received many more applications which are currently being treated.
“This strategy has recorded compliance from many organizations than could be imagined. For instance, our audit reports for the period 2019-2020 shows the percentage of compliance among the number of filing entities.
On compliance level, the NITDA boss revealed the top sectors in compliance to the NDPR provisions. They include
- Financial Services – 35%
- Fast Moving Consumer Goods – 14%
- Energy – 10%
- Consultancy – 9%
- ICT – 8%
- Transport and logistics – 5%
- Others – 19%
“However, with the direction we are moving on NDPR audit compliance filing, we are very glad that we have set out in the right way. Our strategy of licensing DPCOs is yielding bounteous fruits as Nigeria now has more data protection experts per capita than any other African country. Our survey also reveals that wealth is being generated through the DPCO scheme. Interestingly, this aligns with President’s Muhammadu Buhari’s vision to diversify the economy, create sustainable jobs and develop the digital economy.
“Aside from the compliance focus, we have also inaugurated the Data Breach Investigation Team (DBIT). This team is made up of IT Professionals, Lawyers and the Police Force. Their assignment is to investigate allegations of breach and make recommendations of actions to be taken on each case, through the Implementation Committee.
“The Police team is also empowered to invite, arrest, interrogate and prosecute erring offenders.
Abdullahi also spoke on the ‘legal and political structure for NDPR sustainability’, thus, “NITDA, through the support of its parent Ministry, has done a lot to give legal and political credence to the NDPR. Section 6(c) of the NITDA Act 2007 mandates the Agency to develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information. Here, NITDA’s strategy is to create a workable, credible implementation process that would assist the National Assembly in its quest to pass a Data Protection Bill”.
“We are proud to say the NDPR implementation has the most robust consultative process in our recent history as a nation. This autochthonous approach has deepened the NDPR more than we could have imagined”.