Data protection: NITDA moves to sanction defaulters
Companies who have failed to comply with the Nigerian Data Protection Regulations (NDPR) directive on data protection are soon to be sanctioned.
The Nigerian Information Technology Development Agency (NITDA) has communicated its plans to Data Protection Compliance Organisations (DPCOs) to impose sanctions of N2 million fine or the forfeiture of two per cent of the previous year’s gross annual income of companies that breach the directive.
A memo, which emanated from NITDA to the DPCOs, has directed them to forward a list of companies who have audited their data protection practices before October 25, 2019.
NITDA had earlier set the date as the deadline for the submission of the list.
TribuneOnline learnt on Thursday in Abuja that the objective of the data protection regulation is to safeguard the rights of natural persons to data privacy; to foster safe conduct of transactions involving the exchange of personal data; prevent manipulation of data; and ensure that Nigerian businesses remain competitive in international trade, through the safeguards afforded by a just and equitable legal regulatory framework on data protection.
NITDA’s memo to the DPCOs signed by NITDA’s Lead- Regulations Monitoring and Compliance, Olufemi Daniel, read in part: “I am directed to write in respect of your recent Data Audit filings to NITDA. Kindly update NITDA with a table indicating the following:
“1. Name of Organisation,
2. Amount paid
3. Remita Retrieval Reference. For every organisation, you have filed a data audit report for. This information is required for NITDA to be able to generate a comprehensive receipt for your payments and to ensure transparency of the process.
“You are also kindly requested to give us a list of every organisation you are currently working with and an estimated time to file the audit report.
“Kindly ensure this report reaches us on or before Tuesday 5th November 2019.”
It was gathered that the NITDA’s memo to the DPCOs became necessary to ensure that the objectives of data protection and regulations are complied within the interest of individuals, businesses and the country.
A source close to the agency asserted: “The memo is in preparation for moves to investigate and sanction non-compliant companies. Sanctions for failure to comply with the NDPR include a penalty of up to 2 Million Naira or 2% of a company’s gross earnings for the previous year.”
NITDA has recently disclosed its intention to probe the privacy practices of the popular phone application, Truecaller, in Nigeria.