ICT
NITDA warns business owners against breach of data protection laws
National Information Technology Development Agency (NITDA) has said that Nigerians and businesses’ risk losing N2m or more to the government for violating the Nigeria Data Protection Regulation 2019.
Dr Isa Patanmi, director-general/chief executive officer, NITDA, in a notice, said it commenced the implementation of the Nigerian data protection law, which seeks to safeguard the rights of Nigerians to data privacy, on April 25, 2019.
“NITDA hereby notifies the general public that consequent upon its official issuance and public presentation of the Nigerian data protection regulation on January 25, 2019, full implementation of the regulation commenced from the April 25, 2019,” the DG said.
According to Patanmi, the regulation will ensure exchange of personal data is done safely and securely; prevent the manipulation of personal data and ensure that Nigerian businesses remain competitive globally.
He noted that data protection was a key requirement in ensuring confidence in business transactions.
The agency said it had been mandated by the Section 6(c) of the NITDA Act of 2007, to “develop regulation for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions among others.”
Pantanmi added that the Act had granted NITDA the power to enforce compliance and penalise defaulters.
He said the penalty for breaching this regulation in addition to any other liabilities includes “payment of the fine of two per cent of annual gross revenue of the preceding year or the sum of N10m, whichever is greater in the case of a data controller dealing with more than 10,000 data subjects.
“In the case of a data controller dealing with less than 10,000 data subjects, payment of the fine of one per cent of the annual gross revenue of the preceding year of the sum of N2m, whichever is greater.”
According to the data regulation, data subjects must give consent to the processing of their personal data for one or more specific purposes and the purpose for collection should be made known to the subject.
It also stipulated that any medium through which personal data is being collected or processed should display a simple conspicuous privacy policy that could be understood by the subjects.
The regulation added that data processing by a third party should be governed by a written contract between the third party and the data controller.
Breaches in data regulation has become a global issue attracting fines and litigation by government, especially in the European Union.
-
Latest1 week agoSex video leak sparks disciplinary action as FUOYE suspends two students
-
Business1 week agoThe CBN’s Exposure Draft on Holding Companies of Banks: Matters Arising
-
Comments and Issues1 week agoEkiti 2026: Will INEC redeem self or slide further?
-
Latest1 week agoTinubu Grants Customs Boss Adeniyi Final Six-Month Extension to Oversee Single Window Project, Succession
-
Latest6 days agoAPC’s Asogwa wins Enugu North senatorial by-election by wide margin
-
News1 week agoYiaga Africa Flags Discrepancies in Ballot Papers of Ekiti Governorship Poll
-
Football1 week agoWorld Cup group stage heats up as Germany face Ivory Coast, Netherlands meet Sweden in crucial fixtures
-
Latest6 days agoAPC, PDP clinch key by-elections as INEC declares winners in Kano, Rivers