The National Commissioner for the Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, has emphasised the importance of data protection in a world where data is often misused, leading to identity theft and unauthorised access to accounts. It’s a global concern, recognized as a human right by the United Nations.

The NDPC boss expressed his concerns in an interview with The Guardian while stating the lack of skilled data professionals as well as poor awareness of data protection in the country.

Read also: Nigerian data centre market to increase by $288.8 Million

Data Residency and Sovereignty

The issue of data residency, the notion that data should be stored within the country of origin, brings up the concept of data sovereignty. While data residency is a valid concern, the digital world operates on a global scale, making it challenging for countries to isolate their data entirely. Dr. Olatunji highlighted that certain categories of data could be stored locally, while others could be shared internationally under specific conditions. Cross-border data transfer conditions are outlined in Section 8 of the NDPC’s law.

He explained that data protection doesn’t mean isolation but ensuring that data shared across borders is adequately protected, respecting the sovereignty of the data subjects and the national interests.

According to the National Commissioner, The NDPC promotes job creation through several avenues. They require data controllers to engage data protection officers, a significant source of job creation. As of now, there’s a substantial gap between the number of qualified data protection officers and the actual demand, creating an opportunity for over 490,000 jobs.

Through a Public-Private Partnership model, the NDPC licences Data Protection Compliance Organizations (DPCOs) to ensure compliance with data protection laws. More than 150 DPCOs have been licensed, creating jobs for people working within these organisations.

In addition, the NDPC’s initiatives are creating various services within the data protection sector, valued at over N5 billion in just three years. The NDPC’s goal is to promote data management culture across Nigeria, creating a wealth of job opportunities in the process.

Monitoring Big Tech Firms

Dr. Olatunji attested to the global concerns of the use of personal data by big tech firm, noting that in Nigeria, the NDPC is working on regulating these firms to ensure data privacy. The law empowers the NDPC to issue regulations to control the usage of personal data in the face of emerging technologies. Their focus is on social media networks, solution providers, and multinationals operating within Nigeria.

To address this concern at a continental level, Africa is working on coordinated privacy laws that will guide the operations of multinationals and service providers. For now, Nigeria has established laws to properly monitor these entities and ensure compliance with data privacy regulations.

Key Challenges: Awareness and Manpower

As regards setbacks, Dr. Olatunji said the NDPC faces two significant challenges: awareness and a shortage of qualified manpower. Many Nigerians are unaware of their data rights, and there’s a lack of education regarding data privacy. To address this, the NDPC is launching awareness campaigns to educate both data subjects and data collectors. People need to understand why their data is collected, and organizations should provide training for their staff as new data-driven systems emerge.

Moreover, the NDPC is receiving complaints regarding data breaches through Point of Sale (PoS) terminals. Through awareness and education, they aim to sensitise organisations about the importance of data protection compliance.

CBN announces DMBs who distort images, data will pay penalties

Outcomes of Investigations

The NDPC has conducted investigations into various sectors, including banking, telecommunications, consulting, and digital lending companies. Several banks have faced remedial actions, while fines have been imposed on companies like Soko Loans. The NDPC is keen on encouraging organisations to comply with data protection laws and incorporate compliance into their practices. Investigations are ongoing, and the NDPC is committed to enhancing a culture of compliance.

Regarding the recent directive from the Central Bank of Nigeria (CBN) for banks to collect the social media handles of their customers, the NDPC highlighted the importance of obtaining the consent of data subjects. Data privacy regulations must be followed, and guidelines must be established to ensure the public interest and data subject rights are respected. Collaboration between the NDPC and CBN is ongoing to create a regulatory framework that respects both the rights of Nigerians and the mandates of the CBN.

Blacklisting Non-Compliant Firms

Rather than immediately blacklisting non-compliant firms, the NDPC encourages organisations to register with the Commission. Registration allows the NDPC to effectively regulate them. The NDPC plans to establish a Whitelist based on transparent metrics for data protection compliance. Organisations not on the Whitelist could be at risk of blacklisting, especially if they negligently or criminally violate data subject rights and fail to carry out required remediation.

The NDPC aims to strike a balance between regulatory enforcement and fostering a culture of compliance, with the ultimate goal of safeguarding personal data and boosting the economy.

As the NDPC continues its work, it plays a vital role in shaping Nigeria’s digital future, ensuring that data privacy is respected and job opportunities are created within the data protection sector.