The National Information Technology Development Agency (NITDA) has advised businesses in the country to brace up for data protection practices that would be ushered in by the Data Protection Bill 2020 once passed into law.
The Director-General of NITDA, Mr. Kashifu Inuwa gave this advice during the virtual workshop organised for Data Protection Officers (DPOs) of various organisations in the country. According to him, while the Nigeria Data Protection Regulation (NDPR) is currently being enforced, the Data Protection Bill 2020, which is passing through consultation would impose more obligations on companies handling data when it becomes law.
While noting that the workshop was organised as part of NITDA’s strategic engagement to deepen the implementation of the NDPR and the Nigeria Data Protection Bill, he said: “Our goal is to make you have a grasp of what the Bill entails and how you can start preparing your organisation for the coming realities.” The Bill, which is also seeking to establish a Data Protection Commission, is to give legal backing to the NDPR being enforced by the NITDA.
The DG recalled that the current Minister of Communications and Digital Economy, Dr. Isa Pantami, as the then Director-General of NITDA, issued the NDPR on January 25, 2019, pursuant to Section 6(a, c) of the NITDA Act, 2007.
“This visionary move has become a game-changer for the digital economic aspirations of Nigeria. Data Protection falls under Developmental Regulation - the first pillar of the National Digital Economy Policy and Strategy (NDEPS: 2019). This shows the critical place it holds in our desire for a brand new economic paradigm that works for the innovative and hardworking mass of Nigerians,” he said.
Presenting a keynote at the workshop on the roles of Data Protection Officers (DPOs) under the data protection law regime, the Executive Director, Data Protection and Privacy, Mr. Franklin Akinsuyi, said the DPOs in every organisation must understand how to build, implement, & manage data protection programmes. “The more complex or high-risk the data processing activities are, the greater the expertise the DPO will need. They must have in-depth knowledge of the NDPR and they must also have a reasonable understanding of the organisation's technical and organisational structure and be familiar with information technologies and data security,” he said.