The Nigeria Data Protection Bureau (NDPB) is statutorily mandated by the NITDA Act of 2007 to develop regulations for electronic governance and monitoring of the use of information technology and electronic data. Conscious of the concerns around privacy and protection of Personal Data and the grave consequences of leaving Personal Data processing unregulated, NDPB has issued the Nigeria Data Protection Regulation (NDPR). The NDPR provides legal safeguards for the processing of personal data. Under the NDPR, personal data must be processed in accordance with a specific, legitimate and lawful purpose consented to by the Data Subject. This Regulation applies to all transactions intended for the processing of personal data and to actual processing of personal data notwithstanding the means by which the data processing is being conducted or intended to be conducted and in respect of natural persons in Nigeria and it equally applies to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.
WHY DO YOU NEED A DPCO ?
The Nigeria Data Protection Regulation, 2019 (the “Regulation”) by Nigeria Data Protection Bureau (NDPB), requires companies and businesses that collect and process personal data of Nigerians for resident or non-resident) to engage the services of DPCO to conduct audits, in line with the provisions of the Regulation.
WHICH ORGANIZATIONS ARE REGULATED ?
Organizations (local or foreign) that collect or process the personal information of resident or non-resident Nigerians (such as names, email addresses, physical addresses, telephone numbers, bank details, or any personal information).
WHEN SHOULD YOU ENGAGE A DPCO ?
If you have data of up to 1000 Nigerians, you are mandated by law to engage the services of a DPCO for the purpose of auditing your data practices.
FINES FOR NOT COMPLYING
Organizations that fail to comply are at risk of a penalty of up to 2% of their annual gross revenue or 10 million naira (whichever is greater) issued by the NDPB, in addition to any criminal or civil liability.