SlideShare a Scribd company logo
1 of 23
Download to read offline
Make it Real
December 23rd, 2019
Ife Akinseinde
(Research)
CAVIDEL Limited
Block B12, Flat 402
1004 Housing Estate
Victoria Island
Lagos
Tel: 09067354599
Email: ife.akinseinde@cavidel.com
Website: www.cavidel.com
Data Protection Regulation in Nigeria
Make it Real
Personal Data
"Personal Data" means any information relating
to an identified or identifiable natural person,
which could include one or more factors specific
to the stated identity
Physical
Cultural
Economic
Mental
Genetic
Psychological
Social
Make it Real
Personal Data
o Employee information as managed by HR
o Customer and subscribers data
o Vendors, suppliers and services providers
information
o Business contracts
o Clients (corporate or personal)
o Post on social media websites
o Marketing activities
o Others who get in touch with us,
o Recruitment applicants
o Visitors to our office
o Name
o Contact information – phone number, email
address
o Location information - address
o Financial information – bank details, BVN
o Transaction history
o Gender
o Ethnicity
o Health records
o Photograph
Make it Real
Why Data
Protection
Make it Real
GDPR
Nigeria
Make it Real
o National InformationTechnology
DevelopmentAgency
o Implement & monitor Nigeria’s IT policy
o ElectronicGovernance
o Regulate electronic data, usage and
exchange of information
NITDA
o Data Protection Bill has been passed for
us to have a law on data protection
o NationalAssembly has not signed it –
awaiting approver
Not A LawYet
o Privacy and protection of Personal Data
o Grave consequences of leaving Personal Data
processing unregulated
o NITDA issued the Nigeria Data Protection
Regulation (NDPR) – January 25th 2019
o NDPR to protect data collection, processing and
administration
NITDA Data Protection
Regulation
o NDPR was modelled after the European
Union Data Protection Law.
o To safeguard the rights of natural persons to
data privacy
o To foster safe conduct for transactions
involving the exchange of Personal Data
o To prevent manipulation of Personal Data
o To ensure that Nigerian businesses remain
competitive in international trade through the
safe-guards afforded by a sound data
protection regulation.
Objectives
NITDA Data Protection
Regulation
Governing Body
Make it Real
Data
Protection
Governance
Application
The Regulation applies to all
o residents of Nigeria,
o citizens of Nigeria residing outside of Nigeria,
o organizations processing personal data of
such individuals.
Make it Real
Data
Processing
Principles
Consent has been given by the data
subject
If the processing is necessary for
performance of a contract
Compliance with a legal obligation
To protect the vital interests of the
data subject
Performance of task is carried out in
public interest
Make it Real
Clarity of
Privacy Organisations must display a
simple, clear and easily
understandable privacy policy that
data subject being targeted can
understand
Make it Real
Privacy
Cont’d
Transparency
Within three months of the issuance of the
Regulation, all public and private organizations in
Nigeria that process personal data must make
available to the general public their data
protection policies, which must comply with the
Regulation
Make it Real
Explicit
Consent
Consent is of the lawful basis for obtaining and processing personal data
Consent must be informed, freely given and unambiguous
Consent must not be obtained by fraud, misrepresentation, coercion or under influence
Any Data consent given must also be freely and easily withdrawn at any time by the Data User or Subject
without any explanation for the withdrawal proffered.
Make it Real
DataSecurity
Setup firewalls Implement access controls
Encrypt personal data
• Data encryption technologies
Developing internal policies
• Protecting theft, cyber attack,
manipulations, environmental
hazards etc..
Make it Real
Rights of a
DataSubject
Have their personal data corrected
Restrict the processing of their personal data
where certain criteria are met
Withdraw consent to the processing of their
personal data
Lodge a complaint with the NITDA or another
relevant regulator
Object to the processing of their personal data
for marketing purposes
Access their personal data and have the data
transferred to another data controller where
feasible
Obtain information about the processing of
their personal data
Have their personal data deleted where
certain criteria are met
Make it Real
International
DataTransfers
Transfers of personal data out of Nigeria
may take place only if certain specified criteria are met
NIDTA has decided that the affected country ensures
adequate data protection.
Transfer activities are subject to supervision of the
HonourableAttorney General of the Federation.
Make it Real
Motives
Improper Motives
Prohibited
No consent shall be sought, given or
accepted in any circumstances that may
engender propagation of atrocities, hate,
child rights violation, criminal and anti-
social acts
Make it Real
Contract
Third Party Contract
Data processing by a third party must be
governed by a written contract between the
third party and the data controller
Make it Real
Compliance
Requirement
o Ensure continuous capacity building and training for Data Protection
Officer and other personnel involved in processing personal data
Data Controllers and Data Processors
o Engage a licensed Data Protection Compliance Organization (DPCO) to
perform a Data Protection Audit and file a report with NITDA within the
stipulated timeline – within six months of the issuance + 3 months
o Designate a Data Protection Officer (DPO) who will be responsible for
driving NDPR compliance initiatives within the organization
o Document and publish a data protection policy in line with the
requirements of the Data Protection Regulation – within six months
of the issuance
Make it Real
Compliance
Requirement
Data Controllers and Data Processors
o If a Data Controller processes the personal data of more than 1000 data
subjects in a period of 6 months, it shall submit a soft copy of the
summary of the audit to the Agency
o If a Data Controller processes the personal data of more than 2000
Data Subjects in a period of 12 months, it shall submit a summary of
its data protection audit to the Agency
If an organisation is a data controller and it processes personal data of more
than 2000 people in a year, it must submit an audit to NITDA on the 15th of
March 2020 and the 15th March of every subsequent year.
Make it Real
Consequences
For
Non-Compliance
For data controllers “dealing with more than 10,000 data subjects,” a
fine of 2% of annual gross revenue of the preceding year or payment
of 10 million Naira, whichever is greater
For data controllers “dealing with less than 10,000 data subjects,” a
fine of 1% of annual gross revenue of the preceding year or
payment of 2 million Naira, whichever is greater
Negative publicity and damage to brand and reputation
Prosecution of principal officers in the event of a severe data breach
Make it Real
WhatWill
Change For
Your
Organisation
Put individuals back in control of their personal data
Organisations will be subject to higher standards of
accountability
Fines are getting bigger, and the timelines are getting shorter
Data subjects’ rights have been strengthened and expanded
upon
Make it Real
Guide to
Compliance
withGDPR
o What type of data is collected?
o How is data collected?
o Which department receives such data?
o Why does the organisation collects/process such data?
o What will be the legal basis for processing such data?
o What are the security measures taken to prevent data breach?
Assess your organisation’s processing activities
o A data controller (determines the purpose and means how the
data is to be processed)
o A data administrator/processor (processes data on behalf of the
controller).
Ascertain what the organisation is
o Begin implementation of the NDPR
Appoint a Data ProtectionOfficer (DPO)
Make it Real
References
https://allafrica.com/stories/201910240574.html
https://www.huntonprivacyblog.com/2019/04/05/nigeria-issues-new-data-protection-regulation/
https://assets.kpmg/content/dam/kpmg/ng/pdf/advisory/NDPR-journey-to-compliance.pdf
https://www.pwc.com/ng/en/about-us/pwc-privacy-statement.html
https://www.pwc.com/mu/en/services/consulting/general-data-protection-regulations.html
https://nitda.gov.ng/wp-content/uploads/2019/01/Nigeria%20Data%20Protection%20Regulation.pdf
https://www.proshareng.com/news/Business-Regulations,-Law---Practice/The-Nigeria-Data-
Protection-Regulation--/47692
https://www.proshareng.com/news/Business%20Regulations,%20Law%20&%20Practice/National-
Data-Protection-Regulations--%E2%80%93-Legal-Alert/45095
http://www.mondaq.com/Nigeria/x/813802/data+protection/A+Quick+Guide+To+Compliance+With+
The+Nigeria+Data+Protection+Regulation
Make it Real
23

More Related Content

What's hot

[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure ComplianceAIIM International
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacyhimanshu jain
 
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...PECB
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdfChunLei(peter) Che
 

What's hot (20)

[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance[Presentation] GDPR - How to Ensure Compliance
[Presentation] GDPR - How to Ensure Compliance
 
GDPR
GDPRGDPR
GDPR
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptx
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacy
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf1.1 Data Security Presentation.pdf
1.1 Data Security Presentation.pdf
 
DATA PROTECTION LAWS OF THE WORLD
DATA PROTECTION LAWS OF THE WORLDDATA PROTECTION LAWS OF THE WORLD
DATA PROTECTION LAWS OF THE WORLD
 
Data protection
Data protectionData protection
Data protection
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital World
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
 

Similar to Data protection regulations in Nigeria

OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014UsmanMAmeer
 
How GDPR will change Personal Data Control and Affect Everyone
How GDPR will change Personal Data Control and Affect EveryoneHow GDPR will change Personal Data Control and Affect Everyone
How GDPR will change Personal Data Control and Affect EveryoneThomas Goubau
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
Asia Counsel Insights May 2023
Asia Counsel Insights May 2023Asia Counsel Insights May 2023
Asia Counsel Insights May 2023Minh Duong
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfDaviesParker
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020Christo W. Meyer
 
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430Jean-François LOMBARDO
 
Data Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection BillData Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection BillAntaraa Vasudev
 
WB-2022-01-25-India Data Protection Bill
WB-2022-01-25-India Data Protection BillWB-2022-01-25-India Data Protection Bill
WB-2022-01-25-India Data Protection BillTrustArc
 
EBC0033 Legal Whitepaper Nov 2015
EBC0033 Legal Whitepaper Nov 2015EBC0033 Legal Whitepaper Nov 2015
EBC0033 Legal Whitepaper Nov 2015Linus Choo
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?MediaPost
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 

Similar to Data protection regulations in Nigeria (20)

OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
How GDPR will change Personal Data Control and Affect Everyone
How GDPR will change Personal Data Control and Affect EveryoneHow GDPR will change Personal Data Control and Affect Everyone
How GDPR will change Personal Data Control and Affect Everyone
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
GDPR Demystified
GDPR Demystified GDPR Demystified
GDPR Demystified
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Asia Counsel Insights May 2023
Asia Counsel Insights May 2023Asia Counsel Insights May 2023
Asia Counsel Insights May 2023
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdf
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
 
GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR Whitepaper
 
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
 
Data Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection BillData Decoded: Understanding India's Draft Data Protection Bill
Data Decoded: Understanding India's Draft Data Protection Bill
 
WB-2022-01-25-India Data Protection Bill
WB-2022-01-25-India Data Protection BillWB-2022-01-25-India Data Protection Bill
WB-2022-01-25-India Data Protection Bill
 
EBC0033 Legal Whitepaper Nov 2015
EBC0033 Legal Whitepaper Nov 2015EBC0033 Legal Whitepaper Nov 2015
EBC0033 Legal Whitepaper Nov 2015
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 

More from Mercy Akinseinde

The Nigeria Finance Bill 2019
The Nigeria Finance Bill 2019The Nigeria Finance Bill 2019
The Nigeria Finance Bill 2019Mercy Akinseinde
 
Techniques of Data Visualization for Data & Business Analytics
Techniques of Data Visualization for Data & Business AnalyticsTechniques of Data Visualization for Data & Business Analytics
Techniques of Data Visualization for Data & Business AnalyticsMercy Akinseinde
 
Innovation model for organizations
Innovation model for organizationsInnovation model for organizations
Innovation model for organizationsMercy Akinseinde
 
Understanding the concept of Crowd-sourcing
Understanding the concept of Crowd-sourcingUnderstanding the concept of Crowd-sourcing
Understanding the concept of Crowd-sourcingMercy Akinseinde
 

More from Mercy Akinseinde (8)

360 degree appraisal
360 degree appraisal360 degree appraisal
360 degree appraisal
 
The Nigeria Finance Bill 2019
The Nigeria Finance Bill 2019The Nigeria Finance Bill 2019
The Nigeria Finance Bill 2019
 
Block chain technology
Block chain technologyBlock chain technology
Block chain technology
 
Smart Eye Care
Smart Eye CareSmart Eye Care
Smart Eye Care
 
Fintech
FintechFintech
Fintech
 
Techniques of Data Visualization for Data & Business Analytics
Techniques of Data Visualization for Data & Business AnalyticsTechniques of Data Visualization for Data & Business Analytics
Techniques of Data Visualization for Data & Business Analytics
 
Innovation model for organizations
Innovation model for organizationsInnovation model for organizations
Innovation model for organizations
 
Understanding the concept of Crowd-sourcing
Understanding the concept of Crowd-sourcingUnderstanding the concept of Crowd-sourcing
Understanding the concept of Crowd-sourcing
 

Recently uploaded

Attestation presentation under Transfer of property Act
Attestation presentation under Transfer of property ActAttestation presentation under Transfer of property Act
Attestation presentation under Transfer of property Act2020000445musaib
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
Current Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.pptCurrent Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.pptVidyaAdsule1
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its historyprasannamurthy6
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,18822020000445musaib
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxJFSB1
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxgurcharnsinghlecengl
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in SalesMelvinPernez2
 

Recently uploaded (20)

Attestation presentation under Transfer of property Act
Attestation presentation under Transfer of property ActAttestation presentation under Transfer of property Act
Attestation presentation under Transfer of property Act
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
Current Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.pptCurrent Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.ppt
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its history
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptx
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 

Data protection regulations in Nigeria

  • 1. Make it Real December 23rd, 2019 Ife Akinseinde (Research) CAVIDEL Limited Block B12, Flat 402 1004 Housing Estate Victoria Island Lagos Tel: 09067354599 Email: ife.akinseinde@cavidel.com Website: www.cavidel.com Data Protection Regulation in Nigeria
  • 2. Make it Real Personal Data "Personal Data" means any information relating to an identified or identifiable natural person, which could include one or more factors specific to the stated identity Physical Cultural Economic Mental Genetic Psychological Social
  • 3. Make it Real Personal Data o Employee information as managed by HR o Customer and subscribers data o Vendors, suppliers and services providers information o Business contracts o Clients (corporate or personal) o Post on social media websites o Marketing activities o Others who get in touch with us, o Recruitment applicants o Visitors to our office o Name o Contact information – phone number, email address o Location information - address o Financial information – bank details, BVN o Transaction history o Gender o Ethnicity o Health records o Photograph
  • 4. Make it Real Why Data Protection
  • 6. Make it Real o National InformationTechnology DevelopmentAgency o Implement & monitor Nigeria’s IT policy o ElectronicGovernance o Regulate electronic data, usage and exchange of information NITDA o Data Protection Bill has been passed for us to have a law on data protection o NationalAssembly has not signed it – awaiting approver Not A LawYet o Privacy and protection of Personal Data o Grave consequences of leaving Personal Data processing unregulated o NITDA issued the Nigeria Data Protection Regulation (NDPR) – January 25th 2019 o NDPR to protect data collection, processing and administration NITDA Data Protection Regulation o NDPR was modelled after the European Union Data Protection Law. o To safeguard the rights of natural persons to data privacy o To foster safe conduct for transactions involving the exchange of Personal Data o To prevent manipulation of Personal Data o To ensure that Nigerian businesses remain competitive in international trade through the safe-guards afforded by a sound data protection regulation. Objectives NITDA Data Protection Regulation Governing Body
  • 7. Make it Real Data Protection Governance Application The Regulation applies to all o residents of Nigeria, o citizens of Nigeria residing outside of Nigeria, o organizations processing personal data of such individuals.
  • 8. Make it Real Data Processing Principles Consent has been given by the data subject If the processing is necessary for performance of a contract Compliance with a legal obligation To protect the vital interests of the data subject Performance of task is carried out in public interest
  • 9. Make it Real Clarity of Privacy Organisations must display a simple, clear and easily understandable privacy policy that data subject being targeted can understand
  • 10. Make it Real Privacy Cont’d Transparency Within three months of the issuance of the Regulation, all public and private organizations in Nigeria that process personal data must make available to the general public their data protection policies, which must comply with the Regulation
  • 11. Make it Real Explicit Consent Consent is of the lawful basis for obtaining and processing personal data Consent must be informed, freely given and unambiguous Consent must not be obtained by fraud, misrepresentation, coercion or under influence Any Data consent given must also be freely and easily withdrawn at any time by the Data User or Subject without any explanation for the withdrawal proffered.
  • 12. Make it Real DataSecurity Setup firewalls Implement access controls Encrypt personal data • Data encryption technologies Developing internal policies • Protecting theft, cyber attack, manipulations, environmental hazards etc..
  • 13. Make it Real Rights of a DataSubject Have their personal data corrected Restrict the processing of their personal data where certain criteria are met Withdraw consent to the processing of their personal data Lodge a complaint with the NITDA or another relevant regulator Object to the processing of their personal data for marketing purposes Access their personal data and have the data transferred to another data controller where feasible Obtain information about the processing of their personal data Have their personal data deleted where certain criteria are met
  • 14. Make it Real International DataTransfers Transfers of personal data out of Nigeria may take place only if certain specified criteria are met NIDTA has decided that the affected country ensures adequate data protection. Transfer activities are subject to supervision of the HonourableAttorney General of the Federation.
  • 15. Make it Real Motives Improper Motives Prohibited No consent shall be sought, given or accepted in any circumstances that may engender propagation of atrocities, hate, child rights violation, criminal and anti- social acts
  • 16. Make it Real Contract Third Party Contract Data processing by a third party must be governed by a written contract between the third party and the data controller
  • 17. Make it Real Compliance Requirement o Ensure continuous capacity building and training for Data Protection Officer and other personnel involved in processing personal data Data Controllers and Data Processors o Engage a licensed Data Protection Compliance Organization (DPCO) to perform a Data Protection Audit and file a report with NITDA within the stipulated timeline – within six months of the issuance + 3 months o Designate a Data Protection Officer (DPO) who will be responsible for driving NDPR compliance initiatives within the organization o Document and publish a data protection policy in line with the requirements of the Data Protection Regulation – within six months of the issuance
  • 18. Make it Real Compliance Requirement Data Controllers and Data Processors o If a Data Controller processes the personal data of more than 1000 data subjects in a period of 6 months, it shall submit a soft copy of the summary of the audit to the Agency o If a Data Controller processes the personal data of more than 2000 Data Subjects in a period of 12 months, it shall submit a summary of its data protection audit to the Agency If an organisation is a data controller and it processes personal data of more than 2000 people in a year, it must submit an audit to NITDA on the 15th of March 2020 and the 15th March of every subsequent year.
  • 19. Make it Real Consequences For Non-Compliance For data controllers “dealing with more than 10,000 data subjects,” a fine of 2% of annual gross revenue of the preceding year or payment of 10 million Naira, whichever is greater For data controllers “dealing with less than 10,000 data subjects,” a fine of 1% of annual gross revenue of the preceding year or payment of 2 million Naira, whichever is greater Negative publicity and damage to brand and reputation Prosecution of principal officers in the event of a severe data breach
  • 20. Make it Real WhatWill Change For Your Organisation Put individuals back in control of their personal data Organisations will be subject to higher standards of accountability Fines are getting bigger, and the timelines are getting shorter Data subjects’ rights have been strengthened and expanded upon
  • 21. Make it Real Guide to Compliance withGDPR o What type of data is collected? o How is data collected? o Which department receives such data? o Why does the organisation collects/process such data? o What will be the legal basis for processing such data? o What are the security measures taken to prevent data breach? Assess your organisation’s processing activities o A data controller (determines the purpose and means how the data is to be processed) o A data administrator/processor (processes data on behalf of the controller). Ascertain what the organisation is o Begin implementation of the NDPR Appoint a Data ProtectionOfficer (DPO)
  • 22. Make it Real References https://allafrica.com/stories/201910240574.html https://www.huntonprivacyblog.com/2019/04/05/nigeria-issues-new-data-protection-regulation/ https://assets.kpmg/content/dam/kpmg/ng/pdf/advisory/NDPR-journey-to-compliance.pdf https://www.pwc.com/ng/en/about-us/pwc-privacy-statement.html https://www.pwc.com/mu/en/services/consulting/general-data-protection-regulations.html https://nitda.gov.ng/wp-content/uploads/2019/01/Nigeria%20Data%20Protection%20Regulation.pdf https://www.proshareng.com/news/Business-Regulations,-Law---Practice/The-Nigeria-Data- Protection-Regulation--/47692 https://www.proshareng.com/news/Business%20Regulations,%20Law%20&%20Practice/National- Data-Protection-Regulations--%E2%80%93-Legal-Alert/45095 http://www.mondaq.com/Nigeria/x/813802/data+protection/A+Quick+Guide+To+Compliance+With+ The+Nigeria+Data+Protection+Regulation