Technology advancement has increased the value of data, and many businesses are willing to invest in it. These data are obtained from customers directly or indirectly. When data is directly gathered, customers are often asked for their consent, and they typically provide it. In contrast, information that is gained inadvertently may be gathered through tracking or linkages to sources that already have the consumers’ data. Businesses use this strategy to improve their products and for research purposes.
To prevent unauthorized access, disclosure, or misuse of user’s personal information, data privacy and data protection policies are in effect. The right of people to decide how their personal information is gathered, utilized, and shared is referred to as data privacy. It involves making sure that people are informed about the information being collected on them, how it is being used, and with whom it is shared. Data protection policies, on the other hand, are protocols set up to safeguard private data against exploitation or unauthorized access. They require putting technical and organizational mechanisms in place to safeguard the privacy, usability, and authenticity of user data and also to prevent its loss, destruction, or alteration.
Data protection policies usually include instructions for the collection, processing, storage, and disposal of data. They also include safeguards for personal data security, such as encryption, access restrictions, and regular backups. Data privacy and protection regulations are crucial in the contemporary digital age, as personal data is captured, processed, and exchanged more frequently than at any time before.
User Data Protection in Nigeria
The Nigerian Data Protection Regulation (NDPR) was decreed in 2019 with the aim to ensure that individuals have control over their personal data and that it is processed fairly and legally. The NDPR mandates that businesses processing personal data get the individual’s consent before processing their information. Additionally, they must take the necessary security precautions to safeguard the personal data against theft, loss, and unauthorized access.
Nigeria has established the National Information Technology Development Agency (NITDA) in addition to the NDPR to handle issues with data privacy and cybersecurity. The NITDA is in charge of enforcing the NDPR and ensuring that businesses abide by the data protection laws. Moreover, the NITDA has created frameworks and recommendations to offer firms advice on how to put in place reliable cybersecurity and data protection buffers. These rules address subjects like privacy notices, effect analyses of data protection, and breach reporting.
In accordance with the NDPR, businesses must acquire consent from people before collecting their personal data and have strong security measures in place to safeguard it. Businesses must appoint a Data Protection Officer (DPO) as part of the NDPR, who is responsible for ensuring that the law is upheld. Other laws in Nigeria, in addition to the NDPR, that deal with data protection are the Freedom of Information Act of 2011 and the Cybercrimes (Prohibition, Prevention, etc.) Act of 2015.These laws strengthen the protection of personal information while also outlining the consequences of data protection laws infractions.
With a focus on safeguarding customer personal information and ensuring that businesses are held accountable for any violations by these laws, Nigeria’s data protection regulations are continuously improving.
Emmanuel Otori has over 10 years of experience working with 100 start-ups and SMEs across Nigeria. He has worked on the Growth and Employment (GEM) Project of the World Bank, GiZ, Consulted for businesses at the Abuja Enterprise Agency, Novustack, Splitspot and NITDA. He is the Chief Executive Officer at Abuja Data School.