Privacy watchdog, Nigeria Data Protection Bureau (NDPB), said it is fostering a “culture of compliance to issues of data privacy” across all sectors and among all stakeholders.
The National Commissioner (NC) of the NDPB, Dr. Vincent Olatunji, told IT Edge News in Abuja during an interactive session that while the Bureau is working to balance the issue of sanction and regulatory advice, it has the statutory responsibility to ensure data controllers and other stakeholders comply with the regulations on data privacy.
The Nigeria Data Protection Regulation (NDPR) issued in January 2019 is the principal legislation on data protection in Nigeria and prescribes both obligations and penalties for any data data breach.
“Our approach is to both offer regulatory guidance and sanction breaches. People see regulating the digital economy sector from the perspective of creating unnecessary road blocks to development. And that is why we insist that under the National Digital Economy Policy and Strategy (NDEPS), what we have is developmental regulation,” said Dr. Olatunji.
He added: “We are regulating to enhance development, to stimulate the ecosystem the way that will yield socioeconomic development and that is why even the issue of data protection regulation itself has generated a lot of jobs, wealth, and international recognition for Nigeria as a country.”
The Bureau is currently investigating Wema Bank PLC and KC Gaming Networks (Bet Naija) for alleged data breaches.
The NDPB is looking at whether there was an abuse of data privacy, or whether the data controllers disregarded privacy laws as they concern consent or compliance.
According to Olatunji, part of the Bureau’s roadmap is to create awareness around data privacy, data protection.
“We want to create a culture of compliance, that nobody is forcing you to comply. You see it as what you need to do, that is regulation or compliance by design or by default. Right from the time you’re developing your database or you want to manage it, you know you’re at the planning stage. You would have incorporated the idea by putting in place appropriate technological measures, in terms of appropriate manpower, software or even the physical infrastructures.”
“We are here to guide the organisation, to advise them on the area of awareness, capacity building. measures put in place, check that they are in compliance with the provision of the law. So that is why we are saying, “comply by culture, by design, by default.”