NITDA to strengthen data protection through new bill

The National Info Technology Development Agency (NITDA), is to send a new Bill on Data Protection to the National Assembly to ensure stringent protection of personal data and regulation of the processing of personal information.

This comes as the Federal Government said it earned N12.650 million from the Data Protection Compliance Organisations (DPCO) Licensing and Audit report filing, while over 2,686 new jobs have been created.

Director-General of NITDA, Kashifu Inuwa Abdullahi, who disclosed this at the presentation of the Nigeria Data Protection Regulation Performance Report 2019-2020, in Abuja, noted that on May 25, 2018, the General Data Protection Regulation (GDPR) of the European Union (EU) came into force.

The GDPR impacted the small and medium enterprises (SMEs), who hitherto supplied goods and services to European-affiliated businesses or/and individuals, which shut out thousands of Nigerians.

He said NITDA felt the need to use its mandate as provided in Section 6(a,c) of the NITDA Act, 2007 to issue a national regulation that meets the basic tenets of data protection law while also providing a framework to catalyze compliance.

He noted that the data protection sector is currently valued at about N2.3billion, adding that the Agency has licensed 70 data protection compliance organisations, while 230 compliance and enforcement notices were issued.

According to him, eight data breach cases have been initiated and deposited with the Police, while over 790 issues were resolved.

“The Lagos Internal Revenue Service breach was investigated, a punitive fine was imposed and a remedial inspection visit has been conducted. This case made the first successful data breach case closed under the NDPR.

“We have issued Guidelines on Use of Personal Data by Public Institutions, 2020, and the NDPR Portal for filing of audit reports and reporting of breaches has been launched with the NDPR Implementation Framework 2020 issued.

“We have also experienced a number of challenges, which we are working on daily to bring the best value to the digital economy sector.”

Abdullahi listed the main challenges to include inadequate awareness, paucity of human and financial resources, and bottleneck to data breach investigation and prosecution among others.

The Data Protection Compliance Organisation model focuses on compliance rather than enforcement, and NITDA’s strategic relationship with regulators in Africa and beyond are areas the proposed Data Protection Commission should endeavour to replicate and strengthen, he added.