The Nigeria Data Protection Bureau (NDPB) has given organizations and establishments, the 25th of November, 2022 as deadline to submit to the Bureau the technical and organizational measures it is taking to protect personal data.
The above is contained in a notice titled; NATIONAL DATA PROTECTION ADEQUACY PROGRAMME (NaDPAP) WHITELIST (PURSUANT TO SECTION 37 1999 CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIA (CFRN) & NIGERIA DATA PROTECTION REGULATION (NDPR) 2019, issued by the Bureau.
According to the notice any organization that fails to comply with the above condition would not be listed on the National Data Protection Adequacy Programme (NaDPAP) Whitelist which would be published on NDPB website, major newspapers, and will be shared with local and international establishments.
To comply with the above directive, organisations are required to do the following:
- Read and understand the NDPR – as it applies to various situations and persons involved in data processing (Article 1.2 of the NDPR. It is available at ndpb.gov.ng);
- Develop and implement a Privacy Policy that is consistent with the NDPR (Articles 2.5 & 4.1(1) of the NDPR);
- Notify your employees, customers and online visitors of your Privacy Policy (Article 3.1(1) of the NDPR);
- Designate at least one or two members of staff as Data Protection Contacts (DPCs). These officers may, after training, become Data Protection Officers (DPOs) for your organization (Article 4.1(2) of the NDPR). Forward the names of your DPCs (not more than 3) to the Bureau for a free Induction Course in Data Protection Regulation Compliance for Nigeria and Economic Community of West African States (ECOWAS) (Article 4.1(3) of the NDPR); if you have already appointed a DPO kindly forward his/her contact details. Forward the soft copy of the details via info@ndpb.gov.ng AND the hard copy to No. 5 Donau Crescent, Maitama Abuja.
- Mandate your service providers (agents, licensees, contactors or howsoever called) to comply with the NDPR. They will, otherwise, remain a weak link in data privacy and protection architecture – thereby creating liability for you. (Article 2.7 of the NDPR)
The Bureau issued the above notice being mindful of the objectives of the Nigeria Data Protection Regulation 2019 (NDPR).which are
- Safeguard the rights of natural persons to data privacy;
- Foster safe conduct for transactions involving the exchange of Personal Data;
- Prevent manipulation of Personal Data; and d) Ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection.
And the penalty for breach of the NDPR which puts organization and risk as follows:
Penalty which may be as high as 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million naira (whichever is greater). In the case of a Data Controller dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million naira, whichever is greater.
PS: DNL Partners is a licensed Data Protection Compliance Organization (DPCO) and would help your organization comply with the Bureau’s directive within the set deadline. Send an email to info@dnlpartners.com or call 08020710511
Read further:
.