Data Privacy Act: FG Goes Tough On Businesses, Launches Tool For Nigerians To Report Breach
- The issue of data privacy has been on the front burner for a while, especially after a popular fintech lost billions of naira in a breach last year
- The federal government has now launched an implementation and application guide for businesses to protect customers from such breaches
- There is also a tool that allows the customers take an active part in the process by immediately reporting suspected breaches to the NDPC
Legit.ng journalist Ruth Okwumbu-Imafidon has over a decade of experience in business reporting across digital and mainstream media.
In the quest to safeguard the rights of Nigerians to data privacy and protection, the federal government has unveiled the Nigerian Data Protection Act General Application and Implementation Directive (NDP ACT-GAID).
The Act includes provisions that cover areas like Lawful Bases of Data Processing, Data Protection Principles, Data Subjects’ Rights, Material and Territorial Scope of the NDP Act Data Ethics and Emerging Technologies.
Read also:Foreign Based Stars Withdraw From Nigeria Training After Camp Relocation
National Commissioner/ CEO of the Nigerian Data Protection Commission (NDPC), Dr. Vincent Olatunji, announced this in a news conference in Abuja on Thursday.
Olatunji noted that this would affect the objectives of the 2023 Data Protection Act, and push Nigeria to the frontiers of the 4th Industrial Revolution as envisaged by the government.
Data Breach leads to loss of N11 billion
The issue of data security has been on the top burner for some months. Recall that Nigerian payment giant Flutterwave suffered repeated breaches.
The company lost $24 million in the first, and N11 billion in the second breach. The hackers transferred the funds to several accounts in five Nigerian banks.
Breaches often occur due to the compromise of security systems where customers/users' data have been stored.
With the NDPC Act-GAID, the federal government is protecting Nigerians from being victims of such breaches due to errors from businesses.
Read also:Davido Appreciates His Trinidad Fans The Energy Love The Way You Embraced Me It Felt Like Home
Areas covered in the Implementation Directive
Other areas covered in the NDP ACT-General Application and Implementation Directive (GAID) include Data Privacy Impact Assessment, Cross-border Data Transfer, NDP Act Compliance Audit Returns, Training and Certification of Data Protection Officers, Cooperation and Collaboration.
It also includes; Benchmarking with global best practices, Alternative Dispute Resolution, Standardised Grievances Redress Mechanism, and emerging technologies like Artificial Intelligence.
According to Olatunji, implementation of the NDP Act-GAID is part of the government’s move to create an enabling environment for businesses, while also ensuring that citizens’ privacy, correspondence, phone conversations, telegraphic communications and homes should be protected according to the law.
Recall that the National Bureau of Statistics (NBS) had its website taken over by hackers after a data breach.
Implementation commences in six months
The NDPC CEO announced that full implementation commences in September 2025, while the provisions relating to fees come into effect in January 2026, Leadership News reports.
This will provide the businesses sufficient time to make the needed adjustments and incorporate privacy features by design and by default. Organisations will also have time to be fully acquainted with the provisions, ruling out any claims of ignorance.
Olatunji noted that NDPC had conducted several engagements with constituted authorities, civil society organisations, corporate bodies, international bodies, the media, and the data subjects.
Data subjects can initiate remediation
Mr. Olatunji noted that the privacy breach remediation process has also been fully democratized so subjects can initiate remediation when they suspect a breach of privacy.
He said;
“We achieved this by introducing data subjects’ Standard Notice to Address Grievance (SNAG) which empowers data subjects to use the instrumentality of the Commission to demand remedial action from data controllers and processors without first writing to the Commission.
“This process makes over 230 million Nigerians our immediate and direct partners in ensuring adequacy of data protection in Nigeria. Through Automation, the SNAG will be accessible anywhere in all nooks and crannies of Nigeria and around the world.”
Olatunji warned that data processors and controllers will now have to answer for their actions and omissions, as it affects the rights of Nigerian citizens.
NDPC launches Know Your Data Rights campaign
In related news, the NDPC launched a Know-Your-Data-Rights campaign to educate the public on what their rights and responsibilities are in relation to data protection.
The campaign warned Nigerians to be careful when surfing the internet or shopping online, and avoid opening strange mails or clicking strange links.
NDPC noted that such actions from users could compromise data safety and lead to huge losses.
