By Prince Osuagwu
Managing Director of Essential Security against Evolving Threats, ESET, for Nigeria and Ghana, Mr. Olufemi Ake, has said the only way Nigeria will key into data governance that is trending across the world is for both public and private organisations in the country to comply with the Nigeria Data Protection Regulation, NDPR.
He said compliance will impact data protection governance, information systems and security configuration, as well as documented policies and processes.
Ake, at a Zoom conference on how organisations can comply with the data protection regulations, said these requirements are already in force, that the implications of not adhering to them are complex, and that the potential penalties for non-compliance are severe.
He argued that encrypting data and creating additional authentication for data accessibility in organisations are a few ways to help in meeting the new data security and compliance rules.
According to Ake, “the National Information Technology Development Agency, NITDA, introduced The Nigerian Data Protection Regulation, NDPR, and enforced its compliance from January 2019 as the new requirement on collection and processing of personal data and requires such activities to be in accordance with lawful purpose consent by the Data Subject.
“Due to this, organisations have been mandated to put compliance measures in place within the first year of the regulation.
“Compliance with this regulation will impact Data Protection Governance, Information Systems and Security Configuration, as well as Documented Policies and Processes,” Ake added.
He listed objectives of the regulation to include: “To safeguard the rights of natural persons to data privacy; foster safe-conduct for transactions involving the exchange of personal data;
“To prevent manipulation of personal data and to ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a sound data protection regulation.”
NDPR applies to all storage and processing of personal data conducted in respect of Nigerian citizens and residents. It covers transactions intended for the processing of personal data and the actual processing of personal data, and it applies to persons residing in Nigeria or residing outside Nigeria but of Nigerian nationality.
He added that “unlike the EU’s General Data Protection Regulation (the GDPR), NDPR is not enforced on persons and organisations outside Nigeria that collect, store, or process data of Nigerians.
“The maximum penalty for breaches of data privacy rights on international transfers can be up to N10 million or two percent of the annual gross revenue of the preceding year, whichever is higher and based on the number of data subjects dealt with.
“Other massive losses that non-compliance could cause are reputational damage and prosecution of principal officers in the event of a severe data breach.”
He also affirmed ESET’s readiness to assist organisations in NDPR compliance.
He noted that “to ensure 100 percent compliance, organisations should ensure the following solutions are deployed and proactively used.
“Organisations are keenly advised to get a data loss prevention, DLP, solution to ensure that sensitive data is not lost, misused, or accessed by unauthorised users.
“Most importantly the likes of ‘Safetica’ that classify regulated, confidential and business-critical data and identify violations of policies defined by organisations or within a predefined policy pack, typically driven by regulatory compliance such as HIPAA, PCI-DSS, or NDPR.
“Multi-factor authentication will serve as an additional layer of protection of data from unauthorised users.
“This tool will help Data Controllers in securing all logins to database and networks (on-premise and cloud) by generating a one-time password that is not known to anyone, but unique to a particular user and per login.
“An excellent example of such a solution is ESET Secure Authentication.
“Organisations should also deploy data encryption technologies, develop an organisational policy for handling personal data (and other sensitive or confidential data), protect emailing systems, and ensure continuous capacity building for staff.
“Reports have shown that most organisations in Nigeria seek the above solutions to meet up with the compliance requirements of NDPR on Data Security.”