Data Protection Updates
ESTABLISHMENT OF THE NIGERIA DATA PROTECTION BUREAU
On the 4th of February 2022, President Muhammadu Buhari approved the request from the Ministry of Communication and Digital Economy for the establishment of the Nigeria Data Protection Bureau (“Bureau”). Mr. Vincent Olatunji, a director at the e-Government Development and Regulations department at the National Information Technology Development Agency (NITDA), has consequently been appointed the Commissioner/Chief Executive Officer of the Bureau.
The Bureau is to be responsible for supervising and enforcing the applicable data protection law, in line with global best practices. Other responsibilities of the Bureau include consolidating the gains of the Nigeria Data Protection Regulation (NDPR) 2019 and supporting the development of primary legislation for data protection and data privacy.
NITDA EXENDS DEADLINE FOR FILING OF DATA PROTECTION AUDIT REPORTS TO 30TH JUNE 2022.
The NDPR provides that organisations processing personal data of more than 2,000 data subjects annually, shall not later than 15th of March each year file data protection audit reports. The NDPR Implementation Framework, which was issued in 2020 to supplement the NDPR, empowers NITDA to make adjustment to this statutory deadline. Accordingly, NITDA has extended the deadline for filing 2021/2022 audit reports to 30th June, 2022. The extension was communicated to Data Protection Compliance Organizations (DPCOs) and the aim is to enable familiarization with the operations of the newly established Data Protection Bureau.
NITDA, FCCPC AND ICPC RAID ILLEGAL ONLINE LENDERS OFFICES
On the 11th of March 2022, the above-named agencies raided the offices of several unscrupulous online lending entities. This was as a result of investigations around the naming and shaming practices, non-compliant data processing activities and violation of privacy carried out by the identified lenders to recover their loans. The intention of the FCCPC is to restrain the business of lenders found wanting, freeze their accounts and advise the general public not to do any business with them.
You can read our article on NITDA’s earlier sanction of online lending platforms for more information on compliant data processing practices
THE LAGOS STATE DATA PROTECTION BILL.
On the 25th of October 2021, the Lagos state Data Protection Bill (“LDPB” “Bill”) passed the second reading at the Lagos State House of Assembly. The aim of the Bill is to set out standards, rules, and salient overarching principles for the processing of personal data within the state. It is also expected that the Bill will attract additional revenue into Lagos state as it proposes a registration fee for data controllers and data processors that process data within the state. For more information on the implications of the LDPB, you can read our article here.