- Puts 110 Operators Under Investigation
- Bureau Says Compliance better than Fine
Nigeria Data Protection Bureau (NDPB) has said that companies found guilty of data privacy and protection breaches in Nigeria will forfeit 2% of their annual revenue from the previous year as sanction for the violation.
Dr Vincent Olatunji, National Commissioner of the Bureau, who disclosed this on Monday while speaking to news men in Lagos, said NDPB is presently investigating over 110 companies in Nigeria over allegations of data breach.
According to him, the investigated companies include banks, telecom, gaming, and online lending. He said the vulnerabilities in these sectors are high partly due to the capabilities of intrusive mobile apps they deploy in rendering their services.
Olatunji said those found guilty may be made to pay 2 per cent of their revenue from the previous year to the government according to the Data Protection law.
He said that the government’s position is that those who are into data would have nothing to fear. Still, the consequences of their acts and omissions might constitute a civil or criminal liability. He added that the Nigeria Police Force is currently working with the bureau.
He said, ” the vulnerabilities in these sectors are high partly due to the capabilities of intrusive mobile apps. When you factor in a lack of due diligence on the part of data controllers in engaging data processors or vendors who have access to the personal data of customers, what you see in some cases is a pattern of abuses in violation of the Nigeria Data Protection Regulation (NDPR) and section 37 of the 1999 Constitution of the Federal Republic of Nigeria.
According to him, the government’s position is that those who deal with data have nothing to fear but the consequences of their acts and omissions, which may constitute civil or criminal liability.
Olatunji disclosed that the Bureau recently licensed 48 Data Protection Compliance Organisations (DPCOs), which increased the number of DPCOs to 138, which has boosted the wealth and job creation in the ecosystem.
He said that Nigeria was prepared for a leading role in advancing data protection and exploring the opportunities of the global digital economy. Olatunji reassured citizens that every data controller and data processor within or outside Nigeria would be held accountable for any unlawful processing of personal data from their jurisdiction.
The NDPB was established in February 2002 by President Muhammadu Buhari as the nation’s data protection authority and to fully implement the provisions of the Nigeria Data Protection Regulation (NDPR) issued in 2019.
He also said Bureau had generated N5.5 billion into the coffers of the Federal Government from its operations in the last year partly through the license of 138 Data Protection Compliance Organisations (DPCOs), which has boosted the wealth and job creation in the ecosystem.
“Similarly, the rate of NDPR Compliance Audit Returns filing increased from 1229 in 2021 to 1,777 in 2022,” he said.
He said that last year, the Bureau took necessary institutional measures to lay the foundation of the bulwark for a sustainable digital economy.
According to him, these are the official launching of the core values, digital platform and symbol for the seamless and effective implementation of the NDPR 5/4/22, adding that the agency has been carrying out strategic awareness campaigns across the country.
“We recalibrated the “Adopt-A-School” Awareness Programme, which is now called “Catch – them-Young”. We were able to reach over 3000 students and pupils in about 70 schools with the message of data privacy,” Cr Olatunji said.
He said the Bureau has also carried out stakeholder engagement for Accelerated Integration of Public Sector Data Controllers into the Data Privacy and Protection Framework. The public institutions engaged, he said, including the National Assembly, Office of the Secretary to the Government of the Federation, Federal Ministry of Health, Central Bank of Nigeria (CBN), Nigeria Police Force, Independent Corrupt Practices and Related Offences Commission (ICPC) and the National Lottery Regulatory Commission (NLRC).
“As a result of these engagements, we now have a-100 per cent increase in the rate of integration of the public sector into the Data Privacy and Protection Framework,” he said.
In capacity building and National Certification on Data Privacy and Protection, he said the target is to create a pool of 250,000 globally competent data privacy and protection experts.
To achieve this, 15 capacity-building programmes for members of staff of the Bureau have so far been organized. In contrast, training has been done for the ICT and Cybersecurity Committee of the Senate, ICT and Cybersecurity Committee of the House of Representatives, Federal Ministry of Justice, Nigeria Television Authority, Voice of Nigeria, Federal Polytechnic, Nekede, Imo State, Office of the Accountant General of the Federation and Designated Data Protection Officers from over 100 Ministries, Departments and Agencies (MDAs).
The Office of the Secretary to the Government of the Federation, Bureau of Public Procurement, Ministry of Health and Nigeria Institute of Transport Technology, Zaria, have also been scheduled to benefit from the capacity-building programme.
He said: “On the reinforcement of NDPR Implementation Framework. This was achieved through the Federal Government Circular through the Office of the Secretary to the Government of the Federation directing Ministries, Departments and Agencies (MDAs) to comply with the NDPR Circular no SGF/OP/I/S.3/XII/186 7/11/22
“Service-wide Guidelines on Personal Information Technology Devices by the Office of the Head of the Civil Service of the Federation makes compliance with NDPR obligatory in public service. circular number OHCSF/ICTD/152/I/ dated 16/11/22.
“Resolution of the 10th Meeting of the National Council on Communications and Digital Economy (NCCDE), which urges data controllers and data processors at Federal, State and Local levels to comply with the NDPR. 9/12/22
“MoU with Federal Competition and Consumer Protection Commission; developing Code of Conduct for Data Protection Compliance Organizations and drafting the Nigeria Data Protection Bill 2022.
“As you are aware, the Federal Executive Council approved the Nigeria Data Protection Bill on the 25th of January, 2023. It will be transmitted to the National Assembly as an Executive Bill. The Legislature has reiterated its preparedness to pass the bill into law,” he said.