ICT
NITDA warns business owners against breach of data protection laws
National Information Technology Development Agency (NITDA) has said that Nigerians and businesses’ risk losing N2m or more to the government for violating the Nigeria Data Protection Regulation 2019.
Dr Isa Patanmi, director-general/chief executive officer, NITDA, in a notice, said it commenced the implementation of the Nigerian data protection law, which seeks to safeguard the rights of Nigerians to data privacy, on April 25, 2019.
“NITDA hereby notifies the general public that consequent upon its official issuance and public presentation of the Nigerian data protection regulation on January 25, 2019, full implementation of the regulation commenced from the April 25, 2019,” the DG said.
According to Patanmi, the regulation will ensure exchange of personal data is done safely and securely; prevent the manipulation of personal data and ensure that Nigerian businesses remain competitive globally.
He noted that data protection was a key requirement in ensuring confidence in business transactions.
The agency said it had been mandated by the Section 6(c) of the NITDA Act of 2007, to “develop regulation for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions among others.”
Pantanmi added that the Act had granted NITDA the power to enforce compliance and penalise defaulters.
He said the penalty for breaching this regulation in addition to any other liabilities includes “payment of the fine of two per cent of annual gross revenue of the preceding year or the sum of N10m, whichever is greater in the case of a data controller dealing with more than 10,000 data subjects.
“In the case of a data controller dealing with less than 10,000 data subjects, payment of the fine of one per cent of the annual gross revenue of the preceding year of the sum of N2m, whichever is greater.”
According to the data regulation, data subjects must give consent to the processing of their personal data for one or more specific purposes and the purpose for collection should be made known to the subject.
It also stipulated that any medium through which personal data is being collected or processed should display a simple conspicuous privacy policy that could be understood by the subjects.
The regulation added that data processing by a third party should be governed by a written contract between the third party and the data controller.
Breaches in data regulation has become a global issue attracting fines and litigation by government, especially in the European Union.
-
Business1 week agoDangote cuts petrol, diesel prices again to boost affordability, economic activity
-
Politics1 week agoAmuwo Odofin: Umeadi emerges winner of NDC Reps Primary
-
Featured1 week agoPSG edge Arsenal on penalties to retain Champions League crown
-
Health4 days agoSenate hearing set to review research on COVID-19 vaccines, cancer concerns
-
Crime3 days agoLASU student dies after armed robbery attack
-
Comments and Issues1 week agoWhy baby boys outnumber girls at birth
-
Football6 days agoFIFA confirms 10 key law changes for 2026 World Cup
-
Latest5 days agoCG Musa 4 PBAT’ group declares support for Tinubu’s 2027 ambition, cites strategic leadership