Nigeria now has more data protection experts per capital than any other African country, Says DG NITDA-TECH Central Nigeria
The National Information and Technology Development Agency (NITDA) as the custodian and regulator of the Nigerian Information Communication and Technology sector, as one of its primary objective, has continued to formulate and implement policies in line with global best practices geared towards the actualization of the economic digitization goal of the Federal government, as they sought to provide viable grounds for innovators and innovations to strive in Nigeria and globally as well as ensure cybersecurity for internet users.
It is based on this note, that the need to ensure data protection regulation is put in place to provide privacy in the Cyberspace for users. The National Privacy week as an initiative of the Agency under the supervision of the Ministry of Communications and Digital Economy is aimed at providing an update on where we are in terms of the Data Protection Regulation implementation and highlight projections for 2021.
Speaking at the virtual conference to launch the privacy week on Monday 25th of January,2021, The Director-General/ CEO NITDA, Malam Kashifu Inuwa Abdullahi said, “NITDA had issued a draft Data Protection Guideline since 2013, with the objective of providing a basic law to guide the use of data in the digital space. However, when the EU GDPR was issued in 2016, the then Director-General of NITDA, Dr. Isa Ali Ibrahim Pantami, constituted a team to review the draft guideline in the light of global developments and also to provide Nigerians with a practicable law for its implementation. The team made a couple of brilliant recommendations and got necessary assistance from law firms, GDPR consultants, and some multinationals that made inputs through the NITDA Rule Making process.
After exhausting the consultative process, the Agency issued the Nigeria Data Protection Regulation (NDPR) on 25th January 2019″.
According to him, “the NDPR, is designed to meet the global, especially GDPR principles on data protection, and also provide unique and innovative implementation frameworks that has made it a point of reference in Africa and beyond”.
As summarized by the DG, the steps taken by NITDA following the issuance of the regulation, include:
1) Sustained Public Awareness
While taking cognizance of the information deficit by most Nigerigerians as regards the issue of data protection, NITDA, realized that wielding the big stick without adequate awareness would lead to apathy and, or rebellion and as such, the agency’s first task was to embark on series of public awareness campaigns which helped achieve massive media awareness between May and October 2019. So far, Nigeria stands to be the first African country to dedicate a whole week to public awareness on data privacy protection.
Also, on a regular basis, the agency has made it a point of note to offer press statements and opinions.
As an organization, the agency’s officers have made presentations in over 105 events, workshops and seminars since 2019 and have treated 1,200 questions, requests for clarification and other inquiries from the public on the issue of data protection.
It is pertinent to note that the first privacy week was held from 23rd – 28th January 2020.
“Through our dynamic Implementation Committee, we have organized Media Executives’ training and workshops for Data Protection Compliance Organizations (DPCO), Data Protection Officers, Data Breach Investigation Team (DBIT), Police Enforcement Team, and select NITDA staff, an in-house workshop for major multinationals, Regulators and industry associations”, the DG stated.
2) Implementation Structure
According to Malam Kashifu , “NITDA has created a unique implementation structure for the NDPR. Unlike the GDPR and other laws, NDPR creates a set of licensees who have proven expertise in data protection implementation. These DPCOs are licensed to provide data protection compliance, audit, training and related services to all Data Controllers and Processors. So far, we have licensed seventy DPCOs and have received many more applications which are currently being treated.
This strategy has recorded compliance from many organizations than could be imagined. For instance, our audit reports for the period 2019-2020 shows the percentage of compliance among the number of filing entities. These sectors includes: Financial Services (35%),Fast Moving Consumer Goods (14%), Energy (10%), Consultancy (9%), ICT (8%), Transport and logistics (5%), Others(19%)
However, with the direction we are moving on NDPR audit compliance filing, we are very glad that we have set out in the right way. Our strategy of licensing DPCOs is yielding bounteous fruits as Nigeria now has more data protection experts per capita than any other African country. Our survey also reveals that wealth is being generated through the DPCO scheme. Interestingly, this aligns with President Muhammadu Buhari’s vision to diversify the economy, create sustainable jobs and develop the digital economy.
Aside from the compliance focus, we have also inaugurated the Data Breach Investigation Team (DBIT). This team is made up of IT Professionals, Lawyers and the Police Force.
Their assignment is to investigate allegations of breach and make recommendations of actions to be taken on each case, through the Implementation Committee.
The Police team is also empowered to invite, arrest, interrogate and prosecute erring offenders”.
3) Legal and Political Structure for Sustainability
He stated that, “NITDA, through the support of its parent Ministry, has done a lot to give legal and political credence to the NDPR. Section 6(c) of the NITDA Act 2007 mandates the Agency to develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information. Here, NITDA’s strategy is to create a workable, credible implementation process that would assist the National Assembly in its quest to pass a Data Protection Bill.
We are proud to say the NDPR implementation has the most robust consultative process in our recent history as a nation. This autochthonous approach has deepened the NDPR more than we could have imagined”.
shedding light on some strategic steps being taken by NITDA to further strengthen the implementation of NDPR in Nigeria. The Chief Information Officer said,
“In March 2020, NITDA, on the recommendation of the Honourable Minister of Communications and Digital Economy was selected as a member of the Technical Working Group on Data Protection Laws Harmonization and Localization in Africa hosted by the African Union Commission with support from the European Union Commission. Nigeria was appointed as the Vice-Chair of this very important group.
The confidence reposed in us by the African and European Unions has been justified by our experiential, collegial and intellectual inputs to the process which has endeared us to our sister countries. The import of this is that NITDA has begun to open the doors for our private sector players to venture to other countries to replicate the moderate success we have achieved thus far. One of our DPCOs organized the 1st Africa Data Protection Conclave that had speakers and attendees from all over Africa and beyond.
In December 2020, NITDA was appointed as a full member of the Common Thread Network (CTN). CTN is a network of Commonwealth nations’ data protection authorities.
The CTN is hosted by the UK Information Commissioner’s Office. This strategic alliance would provide needed support in capacity development, mentoring, and cross border enforcement. The impact of this development will be amazingly limitless”.
He assured Nigerians of NITDA’s continued efforts to put in place necessary structures to deepen data protection implementation in Nigeria before the passage of the Data Protection Bill to law.
Mallam Kashifu highlighted the agency’s 2021 vision to include, the development of sectorial implementation toolkits which will be aimed at getting sector stakeholders to agree on a single, workable template for compliance in their sector. ; Standardization of NDPR courses and trainings to engage vigorous and experienced Nigerian based institutions that would help standardize and accredit data protection and information security training and certification; the agency also hopes to develop a multi-billion naira sector that would create thousands of jobs for trainers, content providers and other professionals; to rejig the agency’s enforcement mechanism to improve compliance. COVID-19 slowed down our enforcement vision in 2020, but we are going to redouble our efforts in this direction as data protection has become a pivot for the continued growth of the digital economy.
The DG also stated that the implementation of the NDPR has been faced with some challenges which border on publicity and awareness, staff capacity for development and cross-breeding of ideas, enforcement of policies and regulations on businesses.
He reiterated the need for more partnerships and support in order to bridge the gap. a lot of capacity development and cross-breeding of ideas.
The Chief Information officer used the opportunity to remind all data controllers and processors of the deadline for the filing of their annual data audit report, which is 15th March 2021. As he further stated that Non-filing is a punishable offence and the agency is set to fully enforce this provision this year.
The National privacy week will comprise of series of activities.
On Tuesday 26th January 2021, the maiden edition of the Privacy Tech Expo which is conceptualized to promote Nigerian innovations around privacy and data protection will be hosted by NITDA. As a regulatory agency, NITDA has a duty to ensure all regulatory efforts are infused with requisite technological support. These editions of the Privacy Tech Expo will comprise pitch sessions with a selected panel of experts providing guidance on how to improve on the solutions provided; also, a webinar themed “Privacy and Public Health Management – Lessons from COVID-19” will be held to discuss the privacy issues arising from COVID-19 induced processes such as contact tracing, temperature capturing, vaccine trials, etc. The webinar is expected to dissect the issues and proffer solutions for the consideration of the government and other stakeholders.
On Wednesday,27th January 2021, the National Virtual Class on Data Protection (for Secondary Schools) will mark the 3rd day of the one week-long activities. This virtual class would be focused on Youths. The virtual class will offer the students requisite knowledge on the basics of data protection and privacy and help them learn how to protect their data online. Also, a Webinar themed “NIN: Preserving Privacy; Promoting the Digital Economy” designed to discuss the issuance of the National Identity Number (NIN) and it’s implications on privacy and the digital economy will be held where panelists are expected to draw out lessons learned and what we as a nation can do better to achieve our objectives .
The grand finale of the National Privacy week’s activities tagged “Global Privacy Day” will be held on Thursday 28th January 2021. The activities to mark this day includes a keynote address on the government’s vision on data protection and the digital economy by Dr. Isa Ali Ibrahim Pantami, the Honourable Minister of Communications and Digital Economy, Chief Host and Special guest of honor; Goodwill messages are taken from within and outside Nigeria; The National Quiz Competition finals where finalists would be assessed on data protection, digital economy, information technology, and general knowledge; Finally, an Executive Roundtable will be held with the theme “Big Tech and Privacy: Evolving an African Data Strategy”. This session would comprise representatives of Africa’s big tech, the African Union, international law firm and the government. This top-level session would help Africa begin a process of decolonising technology and help us achieve some level of control over our data.
The week-long events will be channeled on the Zoom platform with live streams on YouTube and other social media platforms.
written by Ramat Aliyu