How NITDA can further foster data protection compliance in Nigeria
February 22, 2021714 views0 comments
Data protection is a team sport, and in any team, various players align to achieve a singular goal. In business landscapes, different departmental functions work together to drive business goals.
Therefore, in that light, to create a Nigerian business environment that respects data protection and treat data privacy as a business function and not as an afterthought, NITDA needs to play with other respected players.
Who are these team members that can help NITDA carry out these functions? What information should NITDA be collecting from these organisations? Can NITDA collect this information? How can NITDA determine the companies that fall in the scope of this exercise?
For easy comprehension, I would attend to this question accordingly to explain how this simple action can further foster Nigeria’s data protection compliance fields.
Who are the players NITDA should focus on?
Here, one particular body NITDA can partner with is the Corporate Affairs Commission of Nigeria (CAC). By partnering with the CAC, NITDA can find out registered companies and entities existing in Nigeria. With this particular repository of registered companies, the agency can design a communication framework that sends targeted messages to these companies and remind them of the importance of complying with the Nigeria Data Protection Regulation or serve as a reminder of their federal obligations.
This alignment would also help NITDA find out companies that need data protection officers, companies that need further direction regarding data privacy schemes, and find out companies that intentionally overlook data protection requirements in Nigeria.
Furthermore, NITDA can partner with institutions like the Chartered Institute of Bankers of Nigeria (CIBN) or other industry bodies in Nigeria. In this situation, the best approach would be to advise these groups to mention the importance of data privacy to their members. NITDA can collaborate with these organisations to create a data privacy awareness programme in their bodies, thereby increasing data privacy knowledge in various industries in Nigeria.
What information should NITDA be collecting?
NITDA can collect information on directors in these companies. As this is a federal requirement, NITDA can ride on their national power (yes, NITDA can collect this data) to gather this information with the notion of sending out notifications about data privacy. They can also use this as an avenue to raise awareness, help them with complex data privacy missions, and ease any confusion that might be existing with their business procedures. Many companies still find some aspect of the Nigerian data protection regulation quite complex. This communication would allow NITDA open rooms for discussion with companies to develop Nigeria’s data protection schemas.
How can NITDA determine the companies that fall within scope?
NITDA can find out businesses that fall within this exercise’s scope by their processing functions and their business descriptions. The regulation stipulates that already.
This exercise might sound like an extra administrative burden on the NITDA, who are already doing a fantastic job driving the data privacy missions within Nigeria. However, this would further foster data protection compliance in Nigeria. More importantly, it would also bring other essential players into the picture to contribute their quota in building a business landscape that prioritises Nigerian citizens’ freedoms and rights.