Nigeria begins implementation of data protection regulation
Defaulters risk N10m fine, sanctions, others
The National Information Technology Development Agency (NITDA) yesterday disclosed that the Nigerian data community came under a new regulation from April 25, 2019.
Its Director General and Chief Executive Officer, Dr. Isa Ali Ibrahim Pantami, revealed that full implementation had commenced in the country consequent upon its issuance and public presentation of the Nigerian data protection regulation on January 25, 2019.
Pantami explained that the dmove seeks to safeguard the rights of Nigerians to data privacy and ensure exchange of personal information in a more safe and secure way .
According to him, it would also prevent manipulation of personal data, and ensure that Nigerian businesses remain competitive globally as data protection remains key requirement in ensuring confidence in business transactions.
Section 6(c) of the NITDA Act of 2007 mandated the agency to develop regulations for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transaction, among others.
Stressing that the act also grants NITDA powers to enforce compliance and penalize defaulters, NITDA disclosed that there are penalties for breaching the regulation, in addition to any other liabilities.
These include payment of two per cent fine of yearly gross revenue of the preceding year of N10 million whichever is greater in case of data controller dealing with more than 10,000 data subjects.
Also, in case of a data controller dealing with less than 10,000 data subjects, payment of one per cent fine on the yearly gross revenue of the preceding year of N2 million, whichever is higher.
Pantami said NITDA noted the interest, inputs and efforts of shareholders in complying with the regulation and to explore the economic and jobs creation potential the regulation presents to the country.
The NITDA CEO urged Nigerians to support the initiative, as their right to privacy was fundamental.
The Guardian learnt that the scope of regulations on the 20-Page Data Protection Regulation document, revealed that the guideline applies to all transactions intended for processing personal data, irrespective of the means by which data processing is conducted.