Most Nigerian non-governmental organisations (NGOs), charities and religious houses overlook the Nigerian Data Protection Regulation. However, NGOs that cannot endure the medicine of the regulation because it is too strong must be content with inefficiency, bungling of data and steadily violating existing local data privacy regulation.
Let us put the reason into perspective. A particular international NGO based in Abuja thinks non-compliant with NDPR is ideal because they are compliant with the EU-GDPR. They fail to understand that NDPR compliance is sacrosanct and indicates that they respect the citizens within Nigeria and the local laws. They also must submit a yearly audit to the Nigerian Data Protection authorities to be compliant.
It is quite surprising that some of these well-intended organisations can damage their reputation with non-compliance to data protection laws. About eighty-one per cent of charities are breached yearly, according to Charity Digital. This report says a lack of interest by NGOs’ and Charity organisation is the primary cause.
There are so many reasons why NGOs and charities must at least comply with NDPR. Being a non-profit organisation does not exempt the institution from having correct data protection frameworks.
The NDPR covers associations and even political parties. There are so many associations within Nigeria, without mentioning names, that neglect the importance of data privacy.
It is just good to practise for every organisation to put in the work necessary to protect and organise data within their possession. Having the right people, process and tools can simplify the data protection complexities.
Clubhouses, whose members contain children, employees, and parents must pay attention to implementing this regulation. The overarching aim of the regulation is to protect the rights and freedoms of Nigerians.
Solid charities and NGOs create suitable data processing methodologies and expand them to cover the interest of contributors and benefactors.
NGOs and charities should pay attention to these areas. Data accuracy is one key area. A Data Protection Officer should be asking when the last time was, they updated data in their systems. One would find out that most charities hold legacy data that they do not need anymore. NGOS must carry out these deletion processes safely and technically.
Some Nigerians complain about giving funds to churches or charity houses and start getting texts that border on pestering. They do not want to receive those kinds of texts anymore but do not know how to stop them. It points to weak consent frameworks. Churches, charity organisations and NGOs need to manage their consent frameworks well.
Consent plays a significant function in these organisations. Certain questions are vital. When was the last time the consent was updated, and how can the members stop receiving messages about contribution?
Some religious houses think they are exempt from aligning with the NDPR too. That is not the case. Any institution that handles personal information or sensitive personal information must adhere to data privacy principles and build a robust information security framework.
These laws may seem cumbersome, but they benefit every institution, and more importantly, to protect every citizen. Therefore, it is in everyone’s best interest to create a safe handling and managing process of data.