The Federal Government of Nigeria has so far realised a total of N12.6 million from organisations filing for the Nigeria Data Protection Regulation (NDPR) audit report in the last one year. This came as 635 organisations in the country filed their statutory audit reports with the National Information Technology Development Agency (NITDA).
The NDPR audit market, NITDA said, has been valued at N2.2 billion, which means that the country is just scratching the surface with the current level of compliance.
According to the one-year performance report of the NDPR released by NITDA, organisations in the financial services sector have the highest record of compliance with the regulation, which came into force in 2019 to protect data of Nigerians. The financial services sector accounted for 36.3 per cent of the compliance recorded so far.
NITDA in the performance report said the implementation of the NDPR has created a total of 2,686 jobs in the last one year. It added that 15 investigations had been conducted on alleged data breaches, while one investigation had been concluded.
Giving further details on the enforcement activities in the last one year NITDA stated: “In the year under review, NITDA served 51 enforcement notices on data controllers who are perceived to have breached the provisions of the NDPR. Also, 180 compliance notices were served on Ministries, Departments and Agencies of government, one of which is the Lagos Internal Revenue Service (LIRS) breach.
“The LIRS was found to have exposed the personal data of some taxpayers in the process of harmonising historical tax data. NITDA initiated an investigation on LIRS and its major data processor. A fine of One Million Naira (N1,000,000.00) was imposed on the LIRS. The decision on fine value was reached after considering the cooperation and prompt remedial actions taken by the LIRS in the course of the investigation.”
The agency said it had also commenced investigations into the activities and operations of seven data controllers as part of its enforcement drive. “NITDA being mindful of the implications of negative publicity on business has refrained from making public statements on breach until the legal and procedural basis has been established,” it said.
It added that NITDA and the CBN had engaged in a series of meetings to explore the possibilities of harmonising and deepening data protection compliance in the banking sector. This, NITDA said, is bearing fruit already as the financial sector recorded the highest level of data audit report filing, accounting for 36.3 per cent of total filings.
The Director-General of NITDA, Mr. Kashifu Inuwa, however, noted that like most data protection authorities, NITDA has been hampered by lack of adequate funds, human resource and capacity to fully execute the huge mandate vested on it. He added that the NDPR as subsidiary legislation also has limitations in terms of enforcement powers.
“Another challenge is the uneven awareness of the regulation. Over 93 per cent of organisations that filed the statutory audit report are based in Nigeria’s largest commercial centre- Lagos, while other parts of the country are yet to appreciate the impact of the NDPR on their operations. Furthermore, public institutions have been slow in compliance with the NDPR. This however has started changing going by the number of enquiries and request for support NITDA has received,” he said.