Friday, January 29, 2021 / 06:23 PM / By KPMG Nigeria / Header ImageCredit: Andersen Tax

On25 January 2019, the National Information Technology Development Agency (NITDAor "the Agency") issued the Nigeria Data Protection Regulation (NDPR or "theRegulation") which provides guidelines for the use of personal data collectedand/or processed by organizations.  Specifically, the NDPR requires allpublic and private organizations in Nigeria that control data of naturalpersons to publicise their respective Data Protection Policies.  Inaddition, all Data Controllers and Processors who collect and process more than2,000 data subjects within a 12-month period must conduct an independent DataProtection Audit (DPA) and file their DPA reports with the Agency, not laterthan 15 March of the following year.  

Basedon the above, companies who collected and/or processed data from January toDecember 2020 have until 15 March 2021 to submit their DPA reports to theNITDA.  Failure to file the DPA report within the statutory timeline mayattract a fine of up to 2% of a company's annual gross revenue for thepreceding year.

Onlylicensed Data Protection Compliance Organizations ("DPCO") can perform theindependent DPA, in line with the provisions of the Regulation.  The DPAwill, amongst other things, assess an organisation's compliance with therequirements of the NDPR across various areas, including data protectiongovernance, policies and processes, information systems security and controlsover personal data.

Thefollowing compliance steps are recommended for Data Controllers who have:

1.        filed their initial Data Protection Audit Report 

• Assess remediation status of compliance gaps noted from initial audit
• Develop roadmap for remediation of existing compliance gaps and execute accordingly
• Perform annual data audit and file report with NITDA before 15 March 2021

2.        not filed their initial Data Protection Audit Report 

• Immediately engage a DPCO to commence initial Data Protection Audit
• Remediate quick-wins to improve compliance posture
• File annual report with NITDA before 15 March 2021

KPMGis licensed by NITDA as a DPCO, and can assist your organization to achievecompliance with the NDPR through the following services: 

• Compliance audit and report filing
• Remediation support
• Training and capacity development
• Data Protection Impact Assessment
• Implementation of technology solutions to improve your maturity in privacymanagement

Credits

* This statement wasfirst published in the Issue 1.8/ January 2021 Newsletter of KPMG of Friday,January 29, 2021. For further enquiries,please contact the authors, Abimbola Omolola and John Anyanwu via [email protected] and/or [email protected]

Related News

1.      ProshareNigeria, 633 Others Listed Among Data Protection Compliant Organizations inNigeria

2.       SEC,NITDA Collaborate on Data Protection

3.       FGLicenses 27 Data Protection Companies

4.       DataProtection for Hotels - Legal Alert

5.       Breachof Nigeria Data Protection Regulation by the Lagos State Internal RevenueService

6.      The Nigeria DataProtection Regulation - Compliance Requirements

7.       NationalData Protection Regulations - Legal Alert

8.       EuropeanGeneral Data Protection Regulations - Highlights

9.       HowThe General Data Protection Regulation Will Affect Your Business