Commission to Create Awareness on Nigeria Data Protection Act
The Nigeria Data Protection Commission (NDPC) says it is making efforts to create more awareness on the Nigeria Data Protection Act (NDPA) to ensure organisations and relevant stakeholders comply with the Act.
NDPC’s National Commissioner, Dr Vincent Olatunji, said this on Wednesday while commissioning one year implementation of the NDPA in Abuja.
NDP bill, which was signed as an Act of parliament by President Bola Tinubu on June 12, 2023, provides a legal framework for the regulation of processing and protection of personal information, and other related matters
Olatunji said that organisations’ non-compliance to the Act could result in public distrust and loss of business opportunities for the defaulting organisations.
He said though the law prescribed penalties and remediation fees for defaulting organisations but the commission was trying to build the culture of compliance and not out to look for those defaulting.
He attributed the low level compliance to lack of awareness and knowledge of the Act by organisations. The common challenge we have in propagating data privacy message is awareness; some organisations don’t even know about data protection law, while some don’t understand it.
“When we have interactions with them, they are willing to comply because we are approaching them from the perspective of the value in it for them. We tell them that when you are compliant, the perception, trust of people dealing with you to a large extent increase your business opportunities.
“But where there is no trust, nobody will believe you and we also let them know the repercussions, financial loss through their breaches.
“We are trying to build the culture of compliance; we are not necessarily out to look for those defaulting,” national commissioner said. On the level of compliance, he said that the private sector had been more compliant than the public sector.
Olatunji disclosed that the commission was making efforts at engaging Chief Executive Officers of government institutions and relevant stakeholders across board to increase the awareness on data privacy.
“When we started, the level of compliance within the private sector was about 49 per cent while the public sector was four per cent. But today, private sector compliance level is above 55 per cent, while the public sector compliance level has reached 15 per cent,” Olatunji said.
He disclosed that the commission within the period under review, received about 1,000 complaints on data breaches. Out of the 1,000 cases, majority of them were on digital loan companies that we call loan sharks.
“But we have also conducted investigations in the education sector, financial institutions, real estate, insurance, consulting, and schools. As at today, we have finalised four major investigations, and some have paid their remediation fees.
“In the law, we can fine companies depending on the nature of the breach, impact on the subject, and level of cooperation; and we have gotten N400 million from remediation fees,” he said.
Olatunji noted that the country’s large population and its huge land mass were affecting the commission’s effective interventions on data privacy. According to him, this is because some data privacy violators are operating from unknown locations. FG Seeks Support for Establishment of Energy Bank in Nigeria
