By Isiaku Ahmed
The good news, according to Kashifu Inuwa Abdullahi, Director-General of NITDA, is that records show that so far in Africa, Nigeria is one of the most active countries in respect of data protection. The country is one of very the few in the world that has begun using data audit filing as a basis to measure compliance. He noted that a total of 635 audit reports were filed with NITDA. It is also important to point out that 36.3% of the filed reports is from the financial services industry.
With the intrusion of the COVID-19 pandemic into normal lives, there is now a swift recourse to more creative ways of living, working and learning. This has been rightly described as the “new normal” in different corners of the world. Abdullahi opined that this new normal being created will significantly be enabled by digital services, and data would be the primary driver of its sustainability. “Before the digital revolution, customer trust was primarily based on product quality. But with technology, as our lives have moved online—socially and financially, the trust has shifted to focusing on how customers’ data are protected,” the NITDA boss stated.
The banking sector is a primary target for data breach due to the superficial value of the underlying data. Therefore, the proactiveness of this sector in complying with the NDPR and Information Technology standards and regulations is a welcome development, which will in turn build trust in customer relationship. Although it is acknowledged that the financial industry is doing comparatively well, there is still room for improvement.
To a large extent NDPR has been a success story. Although the revolution of digital transformation has taken considerable effort since the issuance of the NDPR, Nigeria has turned the corner in her quest to be recognized as a digital country. Noted Abdullahi, “The level of compliance is growing at a fast rate, with the requirement to file a data audit report serving as the key compliance indicator. Article 4.1(5) of the Regulation requires the filing of an initial data audit report and a subsequent annual audit report by every data controller and processor. This process provides a regulatory overview of the state of data governance in the reporting entity. Likewise, it has helped us understand the necessary intervention points to improve data governance, cyber-security, and privacy protection.”
Before the introduction of the NDPR, no Nigerian entity could boast of compliance with data protection laws. Selected multinationals had some level of compliance imposed on them by their parent companies. But all of that changed within one year. The NITDA boss said from almost zero compliance, the country has recorded impressive growth in compliance with data protection. “Nigeria now has a verifiable database of statutory audit reports filed by various entities. This is however a significant leap considering the low level of awareness and various challenges faced by all stakeholders,” he stated.
"Initially”, Abdullahi recalled, “there were some resistance from various quarters regarding NITDA’s statutory powers and capacity to implement the NDPR. But the resistance helped to stimulate and focus the Agency on delivering valid results. Critical stakeholders represented by Data Protection Officers (DPO) have validated NITDA’s innovative approach to NDPR implementation. And the Agency’s role in pioneering data protection in Nigeria is also critical as the experiences garnered so far would be of immense benefit to the country."
In a survey NITDA conducted in July 2020, 74% of the respondents opined that the NDPR met the need of the Nigerian environment; 76% said the unique introduction of Data Protection Compliance Organizations (DPCO) helped in their compliance with the NDPR. 72% noted that NITDA has provided the necessary support for industry adoption of the NDPR. The respondents put the rate of public awareness at 54%, which is the lowest score. But, 85.3% of the respondents stated that the NDPR compliance enhances good perception about their businesses.
According to the NITDA boss, these responses have contributed in determining three actions to be taken, which are: increase in public awareness, upgrade of the NDPR to an Act of the National Assembly and enforcement of punitive sanctions. Raising awareness is particularly important as the people are strategic to the success of NDPR. Individuals have a duty to make reports about data breaches, but they have to know about NDPR before they can do this. There is a need to create awareness through the various media outlets so that people would understand what NITDA is doing with NDPR and the role they are expected to play.
However, it is necessary to highlight some of the achievements of Nigeria’s data protection journey over the past one year. The first point to make is that the African Union Working Group on Data Protection Harmonisation and Localisation (Policy and Regulatory Initiative for Digital Africa- PRIDA) has appointed NITDA as Vice-Chair of the working group. Secondly, NITDA has licensed over 70 Data Protection Compliance Organizations (DPCO). Thirdly, the DPCO industry has created over 2,700 new jobs in the last one year. Fourthly, NITDA has inaugurated Data Breach Investigation Team in conjunction with the office of the Inspector General of Police, Fifthly, the data protection sector is now valued at N2,295,240,000 (using median value of audit implementation cost)
In addition to the above, NITDA also issued 230 compliance and enforcement notices within a year, initiated and deposited 8 data breaches with the police, resolved over 790 data breaches and investigated and fined Lagos Internal Revenue Service (LIRS) for breach. This case happens to be the first data breach case closed in Nigeria. The Agency has also helped the Federal Government earned the sum of N12,650,000 and has issued a supplementary guidelines on Use of Personal Data by Public Institutions and is currently working on the NDPR Implementation Framework 2020 which will be published soon.
The important lessons here are that there is no doubt that government can stimulate economic activities through regulations. And there is a need to do more in that regard. Customers should be aware that covid-19 has accelerated digital adoption and increased privacy and cybersecurity risks. Last but not the least, there is a need for more awareness on data privacy issues and everyone has to be on board.
Kudos to the leadership of the Honourable Minister of Communications and Digital Economy Dr Isa Ali Ibrahim Pantami, FNCS, FBCS, FIIM and Director General National Information Technology Development Agency
No comments:
Post a Comment