NPDC takes data protection campaign to NCDMB, tasks organisations on privacy policy


*Participants at the workshop

Oritsegbubemi Omatseyin

Lagos — The Nigerian Data Protection Commission, NPDC, on Tuesday at the Nigerian Content Tower, NCT, corporate headquarters of Nigerian Content Development and Monitoring Board, NCDMB, Yenagoa, tasked organisations in the country to treat personal data as highly sensitive information by instituting appropriate measures to minimise data breaches.

Speaking at a one-day Data Protection and Privacy Induction Training for staff of the Board, facilitators drew attention to the Nigerian Data Protection Act, NDPA, 2023, which aims to “safeguard the rights of individuals regarding their personal data and establish guidelines for organisations handling such data,” while highlighting multiple vulnerabilities in current data management systems.

In the lead presentation, Ms Adaobi Fatima Sanni, said data protection is primarily concerned with measures and mechanisms to safeguard data against unauthorised access and breaches or loss, pointing out that under Section 37 of The Constitution of the Federal Republic of Nigeria, 1999 (as Amended), the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is guaranteed and protected.

‘Principles of Processing Personal Data,’ as highlighted by Ms Sanni, include Data Minimisation, which demands that data should be adequate, relevant and limited to what is necessary in relation to the purpose for which they were collected, Accuracy and Storage Limitation. Under the latter, she emphasized that personal data should be kept only for the period necessary for the purposes, once data is no longer needed they should be deleted or rendered anonymous.

To ensure compliance with the NPD Act, she urged organisations to develop a data privacy policy, process data in line with the principles of the NDPA, designate a senior officer as a data protection officer, register as a data controller/processor of major importance with the Commission, engage a DPCO to file data protection audit, and direct contractors, vendors to comply with the Act.

News  OPEC+ to decide on extending oil production cuts into Q2 2024 in March

In the second major presentation titled “Technical and Organizational Measures for Data Protection,” the facilitator, Mr Victor Danladi Barde, said Section 40 of the NDPA sets out strict requirements for data controllers/processors to take appropriate action within 72 hours of becoming aware of a personal data breach.

On cybersecurity, relating to protection of networks, computers and other electronic devices against unauthorised access to or interception of data stored on them, he listed necessary proactive and reactive measures.

Proactive security practices include data loss prevention, penetration testing, nurturing cybersecurity culture and attack surface management. These security measures he emphasised help organisations not only identify the vulnerabilities beforehand but also get to rectify them to avoid any future issues.

Reactive security measures include vulnerability assessment, disaster recovery plan, endpoint detection and response, and incident response. According to him, “Responding to security incidents quickly, efficiently and in an organised manner will help organisations minimize damages, mitigate threats, restore operations, services and processes.”

In another presentation, Mrs Adama Isamade dwelt on why organisations have to take the issue of data protection and the rights of data subjects seriously, highlighting practical experiences of organisations in regards to compliance and non-compliance. She recalled the case of a breach that resulted in litigation against a major financial institution that ended in the latter having to pay over N580 million.

Earlier in a welcome address the Acting General Manager, Planning Research and Statistics of the NCDMB, Mr Ene Ette, expressed appreciation to the NDPC for the training provided to staff at no cost to the Board. He assured that the knowledge obtained would be put into practice to enhance better data management practices in the organisation.

News  Banks can’ go “cold turkey” on oil and gas industry without energy security risks, Barclays CEO says

In a vote of thanks at the conclusion of the training, Mr Akinlade Abisoye, a supervisor in Planning Research and Statistics, thanked the facilitators for the initiative, stating that the enlightenment was profound.



This article was originally posted at sweetcrudereports.com

Be the first to comment

Leave a Reply