Taxaide Technologies Limited (Taxtech), a National Information Technology Development Agency (NITDA)-licensed Data Protection Compliance Organisation (DPCO) and an ISO 27001:2013 certified organisation has emphasised the need for public institutions to take the subject of Data Protection more seriously.
The NITDA in pursuant of its powers under the NITDA Act, on the 18th of May 2020 has also issued the guidelines for the management of personal data by public institutions.
Also, as the filing of data protection audits by data controllers nears the June 30 deadline, the NITDA in pursuant of its powers under the NITDA Act, has issued the guidelines for the management of personal data by public institutions.
Partner, Data Protection Compliance Services, Taxtech, Oyeyemi Oke, while addressing journalists stated that it was imperative to take the conversation of data protection beyond just private organisations.
He emphasised that public institutions are custodians of an immense volume of data and without due processes in place, there are higher chances of data breach and abuse of privacy of the data subjects.
“The NDPR has provided a means to ensure the data of Nigerian citizens and all persons living within Nigeria are protected and the regulations must be adhered to by all and sundry if we are to achieve the highest standards of data privacy as a nation. There should be no sacred cows whether in the private or public sector,” Oke added.
Data Controllers are required to engage the services of DPCOs to assist with the compliance process of filing their Statutory Annual Data Protection Audit with NITDA or risk the penalty of N10 million or two per cent of their global revenues, whichever is greater in the event of a data breach.
The NDPR aims to safeguard the right of natural persons to data privacy, foster safe conduct of transactions involving exchange of personal data and prevent manipulations of personal data. It imposes numerous compliance obligations on data controllers and processors in their collection and processing of personal data of natural persons.
The scope of data controllers and processors includes banks, financial institutions, telecommunication companies, payment companies, internet and IT companies, ministries, departments and agencies of federal and state governments, electoral bodies, data management companies and the Corporate Affairs Commission, among others.