The Nigerian Data Protection Regulation (“NDPR”) was issued by NITDA on 25th January 2019 (and became effective July 2019) pursuant to Section 6 (a, c) of the NITDA Act, 2007, to address the need to safeguard, regulate and protect critical information infrastructure against breaches. From the effective date public and private organizations collecting, processing or Storing Personally Identifiable information of natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent are mandated to ensure compliance with the regulation with annual reporting to NITDA through Data Protection Compliance organizations (DPCO’s) approved by NITDA.
Summarily, any business based in Nigeria must comply with and be able to demonstrate compliance with the data protection principles in the NDPR. The law establishes new rights for natural persons – “data subjects” – and creates new duties and responsibilities for organizations – “data controllers” and “data processors”. In effect, any organization dealing with Nigerians, (either residing in Nigeria or residing outside Nigeria but of Nigerian descent)’ data has to comply with the NDPR and demonstrate proof of compliance via reporting annually.
Data protection value proposition
As a NITDA licensed Data Protection Compliance Organisation (DPCO), Digital Jewels is positioned to provide a full compliment of data protection services to address the business, security and compliance needs of organizations at all stages of maturity in their data protection journey. Delivery of our data protection services is enriched by our in-depth understanding of the linkages of the data protection requirements with other best practice standards, ensuring the solutions and services we deliver incorporate the requirements from global standards such as ISO/IEC 27018:2019, ISO/IEC 27701:2019, ISO/IEC 27002, as well as address the provisions of the European, General Data Protection Regulation (GDPR), Ghana Data Protection Act, the Kenya Data Protection Act and the Nigerian Data Protection Regulation (NDPR)
Our proprietary approach addresses the requirements of the NDPR and the GDPR as well as other regional data protection regulations/Acts and ensures the implementation of robust, practical and sustainable data protection/privacy practices in organisations. Our implementation methodology stems from our painstaking understanding of the regulations, sound legal interpretation and an appreciation of the linkages with other global best practice standards and frameworks, able to enhance and strengthen the adoption of desired practices.