Data protection compliance for tech startups
1.
2. CALL FOR APPLICATION
(July 30th – August 28th)
FOR SOFTWARE & HARDWARE
DEVELOPERS
✓ Addressing the metering gap in Lagos
✓ Reducing revenue leakages in the sector
✓ Eliminating estimated billings
✓ Enabling the accurate measurement of
electricity consumption
✓ Driving better electricity supply for everyone.
3. OVERVIEW ON THE USE OF PERSONAL DATA
BY BUSINESSES IN TODAY’S WORLD.
KEY ELEMENTS OF AN NDPR COMPLIANT
PRIVACY POLICY
RIGHTS OF A DATA SUBJECT
ROLE OF THE DPO AND THE DPCO
4. WELCOME TO DATA PROTECTION
COMPLIANCE FOR TECHPRENEURS
AND STARTUPS
5. DATA IS GOLD, RIGHT?
• Startups are developing innovations to meet needs and
simplify lives. Data is required to achieve this.
• The Experience Economy; Consumers want to feel like you
know them - Joseph Pine II and James H. Gilmore
• Use of Data is not in itself bad but it must be used
within the confines of the laws and regulations.
• Companies need to understand what is permissible in
collecting and processing data e.g.
• Can you sell data?
• Can you use data to market other services?
6. Risks Associated With Data Usage?
• Identity theft and fraud
• Credit card counterfeiting
• Nuisance (Phishing attack)
• Manipulation, e.g. Cambridge Analytica
7. WHAT DOES NIGERIA HAVE IN PLACE?
• The Constitution – Right to privacy (section 37)
• Nigeria’s National Information Technology Development Agency
(NITDA) issued the Nigeria Data Protection Regulation (NDPR) in
2019 - similar to the General Data Protection Regulation in the EU
• The NDPR protects Nigerians everywhere (in Nigeria and abroad)
• It aims to ensure the privacy of all Personal Data within the
database of companies.
• Failure to comply would result in a fine of up to N2 million, or 1% of
annual global turnover, whichever is greater
8. KEY PHRASES TO NOTE AS WE MOVE ON!
WHAT IS PERSONAL DATA?
Any information relating to an individual that can be
used, directly or indirectly, to identify that person.
• SOCIAL MEDIA ACCOUNT
• E-MAIL ADDRESS
• METADATA
• IP ADDRESS
• MAC ADDRESS
• IMEI NUMBER
• IMSI NUMBER
WHO IS A DATA CONTROLLER?
a person who (either alone or jointly or in common
with other persons) determines the purposes for which
and the manner in which any personal data is, or is to
be processed.
WHO IS A DATA PROCESSOR?
any person (other than an employee of the data
controller) who processes the data on behalf of the
data controller.
WHO IS A DATA SUBJECT?
Any person whose personal data is
being collected or processed.
9. 6 Principles of NDPR to guide you
Lawfulness, transparency (specific purpose) and fairness
• Data collection and processing must not breach the law.
• Disclose all purposes for which it is collected.
Accuracy
• Ensure your data is accurate.
• Data Subjects have a right of rectification.
Storage Limitation
• Only keep for actual length of time required.
• Note sector specific duration.
Data Security
• Secure the data in your possession.
Accountability
• You are responsible for complying and demonstrating compliance with the NDPR.
• You are also responsible for the compliance of third parties.
Confidentiality
• Maintain the privacy of data.
10. Data Protection Officers
• Compliance Officer
• Answerable to NITDA
• Report Security breach
• Maintains records of data
• Data Protection Impact Assessment
11. Data Protection Compliance Organisation
• Auditors
• Licensed by NITDA
• Identify Gaps
• Offer Remediation
13. Consent
• NDPR mandates that data subjects give consent before the Data
Controller collects or processes any data of the Data Subject.
• Consent must be freely given without coercion or undue
influence.
• Consent must be asked explicitly for a clear purpose.
• Consent should not be bundled, i.e. when asking for consent for
multiple purposes, the consent for each purpose should be
separate.
• Consent must be recorded.
• Consent should require clear and affirmative action from the
user, i.e. pre-ticked boxes are not acceptable.
14. Privacy Policy
• Basis for Collecting Data
• Type of Data and Purpose
• How Data is stored and processed
• Whether it will be transferred to affiliates, and to whom
• How Data is protected
• How long it will be kept
15. Rights of Data Subjects
• Right to Access for free
• Right to be forgotten/erasure
• Right to restriction of processing (unlawful)
• Right to withdraw consent
• Right not to be profiled (cookies)