The Nigeria Data Protection Bureau (NDPB) has called on Nigerians to protect their data at all times, to avoid compromise.
The National Commissioner of NDPB, Dr Vincent Olatunji, made the call on Tuesday in Abuja in an interview with the News Agency of Nigeria (NAN).
Olatunji said that data subjects (owners) had the right to raise questions whenever such information was being demanded for anywhere, saying data controllers and processors also had the onerous duty of protecting such data within their domain.
“As a data subject, you must put in measures to protect your personal data, meaning that anytime your data is being collected, you have the right to know why your data is being taken.
“You have the right to know how it is going to be processed, kept, if it is going to be shared with third party, can it be reviewed or updated?
“On the part of data controllers and processors, what kind of technological measures are you putting in place, physical infrastructure, the calibre of people protecting these data.
“If information in their domain is hacked, they are to answer for it,’’ Olatunji said.
According to him, the bureau encourages organisations to put up data privacy notice in their premises, social media platforms which is the first thing people will see to ensure data protection.
He added that data subjects, controllers and processors must be alive to their responsibilities to ensure that data shared, processed and stored were totally protected.
According to him, data is meaningless when it has not been processed because it is majorly needed for decision making, policy making, behavioural information of anything, among other use.
“We have to take issue of data privacy, protection seriously and for the reputation of Nigeria too because trust and confidence are really important.
“We need to let people have trust in our system, confidence to improve on our ease of doing business in Nigeria,’’ he said.
He disclosed that the bureau had set up a committee to work on developing a clear roadmap for the country in data protection.
Olatunji said that the bureau was also collaborating with stakeholders to upgrade the Nigerian Data Protection Regulation (NDPR) signed in January 2019 to a principal legislation.
The NDPB’s boss said that the regulation empowered the bureau to enforce compliance for data privacy and punish defaulters of data breach.
He explained that there were processes for investigating data breach,” which starts from writing the organisation for explanations, getting feedback, comparing with what you have and necessary actions.
“The first thing is to find out if they have complied with the NDPR by filing their audit report, ensuring they meet up the parameters of the NDPR.
“There are levels of punishment for data breach defaulters, there is administrative fine which the bureau has the power to impose.
“The defaulter can be arraigned in court, we also have a very robust part of our constitution, Section 37 as amended that addresses the issue of privacy.
“There is no escape for any organisation that allows data breach,’’ he said.
The NDPR, established in January 2019, was signed by Prof. Isa Pantami as the then Director- General of the National Information Technology Development Agency (NITDA).
The NDPR came as a subsidiary legislation and a fallout of the NITDA Act of 2007, backed by law to create subsidiary legislation as potent as the act.
NDPR, being under the purview of NITDA, hence the creation of the bureau saddled with the responsibilities to handle data privacy and protection-related matters in the country.