By Michael Irene, PhD
Nigerian companies must rebuild their dynamics not only to fit what is called privacy-by-design but also to maintain a privacy-by-default approach. They must also pay attention to the dynamics of their business and how it factors in the Nigerian Data Protection Regulation.
Compliance with GDPR is an opportunity for Nigerian companies to establish and strengthen their strategic partnerships with EU companies. Aligning on policy matters is often an important step towards fostering deeper relationships with large international organisations located in the EU.
Since the GDPR is deemed the ‘gold standard’ globally in data protection principles, Nigerian companies that understand the implications of the laws and take appropriate steps that are GDPR compliant will have a business edge.
For example, a Nigerian online company collects the details of holidaying European guests. That business must ensure that safeguard measures are in place to protect the information. This builds trust.
The ability to transfer data internationally will bring a distinct economic advantage: increased investment opportunities and increased trade between European and Nigerian companies.
At a minimum, businesses that are oriented towards the regulation and have an “adequate level” of data protection as per GDPR will do business internationally without hassle.
Accountability is a key factor in any data compliance program. The best approach is to carry out a thorough data mapping exercise. What do I mean by this? A data mapping exercise allows any company to identify the information the organisation keeps, where it’s kept, and how it moves from one location to another, such as from suppliers and sub-suppliers through to customers.
By carrying out this exercise, the company will be able to review the most effective way of processing data and identify any unforeseen or unintended uses.
The data map will help the company identify these data sets through a series of interviews and questionnaires with key stakeholders.
Using a risk-based approach, the company can rate the risks using a scoring matrix of high, low and medium. This will enable the company to focus on dealing with the low-hanging fruit that might lead to a breach.
Data protection is expansive in approach and dynamic in practicality. In other words, the field of data protection will continue to shift the goalposts as technology advances, and new regulations will spring up to match the growing technological landscape. Companies must brace themselves for an increase in regulatory and audit steps designed to ensure that personal information is treated with robust technical and organisational measures.
The stakes for businesses will become high and, what’s more, for businesses to thrive in these times, they must put in place various measures that make data protection a priority. Businesses will need an architecture that can adapt to evolving regulations, wherever they do business.
These are interesting times. Nigerian companies that can build good data protection frameworks and maintain technical and organisational measures to protect personal information will win customer trust and avoid breaches and reputational damage. Companies that are slow to act open themselves up to a lot of incidents. History has shown that fundamental human rights matter and, as such, it is the social responsibility of private companies and government bodies to ensure that they protect these rights by any means necessary.