Data Protection Compliance Requirement for Nigerian Businesses

Data Protection Compliance Requirement for Nigerian Businesses

September 22, 2023

 

  • WHAT IS NIGERIAN DATA PROTECTION REGULATION?

Nigerian Data Protection Regulation (NDPR) provides legal safeguards for the processing of personal data.

 

  • LAWS GOVERNING NIGERIAN DATA PROTECTION

The Nigeria Data Protection Act 2023 (NDPA) is Nigeria’s main data protection legislation and it provides a legal framework for the protection of personal information and establishes the Nigerian data protection commission for the regulation of the processing of personal data information.

The Act prohibits unlawful processing of personal information which consists of personal data and sensitive personal data of natural persons. The Constitution also Contains provisions for data protection.

 

  • IMPORTANCE OF COMPLIANCE WITH NDPR
  • Non-compliance with personal data protection laws can lead to reputational damage such as loss of customer trust & brand value, etc.
  • Organizations that are non-compliant with the regulation may have to pay 2% of their annual turnover or N10, 000, 000 , whichever is higher.
  • Companies may also be liable for any damage caused to individuals because of their voluntary or involuntary actions.
  • The National Information Technology Development Agency (NITDA) can revoke your license or impose a temporary or permanent ban impacting your operations, as a result of failure to comply with the NDPR.

 

  • STEP TO COMPLY WITH THE NIGERIA DATA PROTECTION REGULATION (NDPR)

Determine if Your organization is a Data Controller or Data Processor: Difference between the Data Controller and Data Processor:

i. Data controller is the one that decides how the data is collected, used, and disclosed according to data protection compliance, also to ensure that personal data is obtained with explicit user consent.

ii Data Processor processes users’ personal data on behalf of the data controller. The data controller will be held liable for any violation done by the data processor or the data controller.

  1. Mitigate the Issues: As soon as you know what processes your organization follows and where it stands in terms of data protection, you need to deal with the issues.
  2. Appoint a Data Privacy Officer (DPO): To comply with NDPR, you must appoint a Data Privacy Officer (DPO), which can be an individual or an entity. A few roles of a DPO includes: Monitoring Internal compliance, offering guidance, serving as a contact point, conducting data protection impact assessment.
  3. Submitting Reports to NITDA: The data controllers who process the personal data of over 1000 subjects in 6 months must submit a soft copy of the audit to the NITDA through their appointed DPOs. Here’s what the report must contain: A detailed description of data processing activities, which would include the type of data collected and the purpose, the parties with whom the data is shared, proof of compliance with the NDPR.
  4. Train your Staff: When your staff/employees know the importance of NDPR will they be able to follow the regulations and help stay compliant.

 

Team 618 Bees

 

The information in this blog post (“post”) is provided for general informational purposes only, no information contained in this post should be construed as legal advice, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through this post without seeking the appropriate legal or professional advice from the particular facts and circumstances at issue from a lawyer. This post is protected by intellectual property law and regulations. It may however be shared using appropriate sharing tools provided that our authorship is always acknowledged and this Disclaimer Notice attached

More Articles

Search

Connect With Us

Got any questions?

If you are having any questions, please feel free to ask.

Send us an email

Frequently Asked

  • When are Annual Returns due for filing?

    A company’s first Annual Returns are due for filing after 18 months of its inception, subsequently it should be filed annually as the name implies. The filing dates could differ for each company depending on their financial year end but must be filed not later than 42 days after its Annual General Meeting.

    The Annual Returns for Business Names is due not later than the 30th of June each year except in the year the business was registered.
  • What’s the difference between a business name and an LLC?

    • A business name is a sole proprietorship, usually owned and managed by one individual only. Legally, the sole proprietor and his business are one. It simply means an individual trading with an alias. The sole proprietor is personally liable for all business related obligations.

    • A limited liability company on the other hand is a separate business entity from the individuals that hold its shares and act as directors. Legally, it’s a separate business entity and a person on its own who can transact business, own property separate from its owners and can sue or be sued. 
  • What is a testimonium clause in an agreement?

    This is the part of the agreement where the witness attests to have witnessed the execution of the agreement.
  • What are the product categories available when registering with NAFDAC?

    The product categories include: Food, Cosmetics, Drug, Medical Device, Agro-Chemicals & Pesticide, Veterinary Products, Vaccines & Biologicals, Herbal and Nutraceuticals and Water
  • What is classified as personal data?

    Name, photograph, personal health/bio information, account/financial information, phone number, Address, date of birth, place of birth, Email address, etc.
  • What is eligible for Patent registration?

    Patents are granted for the invention of products or processes. However, for it to be patentable, the invention

    • Must be new,
    • Must have an inventive step that is not obvious to someone with knowledge and experience in the subject,
    • Must be capable of being made or used in some kind of industry and not be, a scientific or mathematical discovery, theory or method, a literary, dramatic, musical or artistic work, a way of performing a mental act, playing a game or doing business, the presentation of information, or some computer programs, an animal or plant variety, a method of medical treatment or diagnosis,
    • And must not be against public policy or morality.
  • What will happen if I buy the wrong category of forms with NAFDAC?

    Nothing, the purchased form will be in your account for future use.

     
  • Can my kids be shareholders in my company?

    Yes your kids can hold shares in your company but there must be a minimum of two adult shareholders before kids can be included.
  • How long does a trademark registration in Nigeria Last?

    Trademark is valid for seven years from the date of application but you may renew the application for the trademark for an additional period of 14years.
All FAQs
Call Us Now on +234 901 719 0079 Chat on WhatsApp