The Nigeria Data Protection Regulation (NDPR) 2019 strives to bring sanity to the handling of personal data as it is a critical resource for the transformation of economies. The NDPR addresses all issues and safeguards necessary for the handling of personal data belonging to Nigerians – processed either within its shores and/or transmitted outside.


The reality of our modern, technology driven-era is that so much data is entrusted to organisations and systems one hardly knows. As a matter of fact, multibillion-dollar infrastructure and resources have been deployed just for the purpose of capturing personal data. Businesses prefer to be paid in data rather than in naira, hence the rising wave of ‘FREE’ things on the internet. The cost of the ‘FREE’ is paid for by the personal information freely given to the platform owner. Data, actually is wealth and it is indeed the new oil.

Those who control data control money, the society and people’s lives. Facebook, Alphabet (owners of Google), Amazon, Alibaba, to least a few, are highly successful because of the volume and value of data they control. Those who hold data hold the key to a sustained wealth in the digital economy. Our phone numbers, email addresses and other personally identifiable information are worth thousands of dollars. Those who know how to aggregate data and transform it into commercial value would continue to prosper in the new economic framework.

The basic objectives of the regulation include:

a) to safeguard the rights of natural persons to data privacy;
b) to foster safe conduct for transactions involving the exchange of personal data;
c) to prevent manipulation of personal data; and
d) to ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practice.

At the National Information Technology Development Agency (NITDA), we believe digital transformation provides developing economies new opportunities to improve industrial age infrastructure, to draw on the vast knowledge spill-overs from the internet, to take advantage of new markets offered by digital platforms and to exploit production possibilities enabled by digital technologies. It also increases the distance to the technological frontier as leading-edge countries race forward.

At NITDA, we support initiatives in developing programmes to support e-government initiatives, strengthen cybersecurity, develop digital skills for digitally excluded citizens on the basis of age, gender and regions, while enhancing the regulatory and market environment to increase access to information and communication technologies (ICTs), and promote ICT-centred innovation and entrepreneurship.

Conclusion

The Nigeria Data Protection Regulation (NDPR) 2019 strives to bring sanity to the handling of personal data as it is a critical resource for the transformation of economies. The NDPR addresses all issues and safeguards necessary for the handling of personal data belonging to Nigerians – processed either within its shores and/or transmitted outside.

Businesses can benefit from operating in compliance as transparency and best practice implicitly enshrined in the regulation begets business growth and boost customer confidence. Furthermore, costs associated with a data breach, such as paying back any money taken as a result of the breach, legal costs, compensating affected customers, share-value plummeting and having to pay for the right protection, can be avoided.

There are various conditions that can put a data controller in breach of this regulation. The landscape is vast and almost limitless. DPCOs can create a huge industry and business empire by closely working with data controllers, to avert breaches or file for redress. For this regulation to bring desired fruitage, it needs to be owned and socialised, and NITDA needs the cooperation of everyone as we strive to ensure the safe use of our data, and avoid being in breach of the Law.

Kashifu Inuwa Abdullahi is director-general of the National Information Technology Development Agency (NITDA).

This is the text of the keynote address delivered at the Lawyard Symposium On Privacy and Data Protection held at Ikeja GRA, Lagos on Novermber 7.