The National Commissioner, Nigeria Data Protection Commission (NDPC) Dr Vincent Olatunji says the move by the federal government to make data protection a statutory requirement for every organization is in the interest of “our dear nation”.
Olatunji who made this known to newsmen Monday in Abuja, commended President Bola Tinubu for signing the data protection law, adding that it would that inspire trust for jobs to be created.
He said,”It is my pleasure to welcome you today at this pivotal moment in the advancement of data privacy and protection within the borders of our dear nation. To all intents and purpose, we have crossed a significant threshold in the frontiers of the 4th Industrial Revolution; we are now at the decisive arena where duty of care and standard of care expected of everyone in the data processing ecosystem are laid down in a principal legislation: the Nigeria Data Protection Act (NDPA) 2023.
“You will agree with me that having a principal law is not the end of our goal. It marks the end of the beginning. It is in the certainty of our law that we can begin to put in place the building blocks of a sustainable Digital Economy.
“As you are aware, His Excellency, President Bola Ahmed Tinubu, GCFR, has set an achievable target of creating 1 million jobs through the Digital Economy sector. Gladly, to walk the talk, he has signed the data protection law that will inspire trust for jobs to be created. Accordingly measures are being put in place to create 500, 000 jobsdata protection ecosystem. This is 50% of the job creation target for the sector.
“At the core of the NDPR is the essence of respect – respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA. The change in legislation is not merely an addendum to our law books; it is a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation.
“The move to make data protection a statutory requirement means every organization, big or small, must cooperate with government and also ‘walk the talk’ in the interest of our dear nation.
“This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape.”
NDPC National Commissioner stressed that the journey towards nationwide compliance would be guided by several key initiatives and future developments.
“Within the last two quarters of this year, we are vigorously pursuing the following targets:
“Public Awareness Campaigns: We understand that awareness is the first step towards compliance. Therefore, we will be expanding our active public awareness campaigns to educate and empower organizations and individuals as regards their roles, rights, and responsibilities under the Act.
“Development of Implementation Framework: Standardization is vital. Hence, we will be developing a standardized framework for implementation, ensuring consistency and clarity across all sectors. This will involve guidance notices on key provisions of the law particularly those that relate to lawful basis of data processing, data subjects rights, compliance audit returns and cross-border data transfer.
“Capacity-building for Data Protection Officers (DPOs): Our DPOs are the frontline soldiers in this endeavour. We will improve capacity-building opportunities for DPOs enrolled under the National Data Protection Adequacy Programme (NaDAP), thereby enhancing their ability to lead their organizations towards compliance.
Issuance of DPCO Practice Guidelines and Sectorial Guidance Notices:
“We will strengthen our regulatory frameworks for DPCOs and issue sector-specific guidelines particularly for financial and telecom sectors. The objective is to provide agile frameworks that address peculiar vulnerabilities, risks and opportunities on the one hand, and on the other hand provide clear path for compliance. Considering the increase in the demand complainces services, more DPCOs will be licensed to provide services and make the ecosystem competitive.
“Upscale of Registration Process: In the digital age, ease of processes is crucial. We will upscale the registration process for data controllers and data processors, simplifying compliance pathways and encouraging participation.
“Compliance Audit Filing Calendar: We will also introduce a definite calendar forfiling annual Compliance Audit Returns. Our target is January to December. Organizations will have opportunity to file within the first quarter of each. The current dispensation of compliance under NDPR will be completed and only those who are compliant will be eligible for inclusion on the NaDPAP Whitelist.
“This will also enable organizations to be up-to-date with their compliance obligations.
Ladies and gentlemen, these initiatives underscore our commitment to ensuring that all Nigerian organisations become NDPA compliant . This is not just about following a new set of rules, but about embracing a new era of data protection where respect for personal data becomes an integral part of our national ethos.”
Olatunji further pointed out that the work of the media and the civil society was crucial in pushing forward the 4th Industrial Revolution in the country.
“Finally, ladies and gentlemen, as the saying goes, the pen is mightier than the sword. Thus, the work of the media and the civil society at large is crucial as we push forward in this 4th Industrial Revolution.
“We are therefore counting on your support in the days ahead. To this end, we are committing our finest resources and best endeavours,” he said.