National Data Protection Commission

Last updated
National Data Protection Commission
NDPC-Nigeria.jpg
Agency overview
Formed2022
JurisdictionFederal Government of Nigeria
HeadquartersNo.12 Clement Isong Street, Asokoro, Abuja
Agency executive
  • Dr. Vincent Olatunji, CEO
Website ndpc.gov.ng//

The National Data Protection Commission (NDPC) is a statutory Nigerian organization that is responsible for the regulation of data privacy in Nigeria. It was created by the Nigeria Data Protection Bureau (NDPB) in February 2022, as a mandate to oversee the implementation of the Nigeria Data Protection Regulation (NDPR) which was issued by National Information Technology Development Agency (NITDA) in 2019 as a subsidiary legislation of NITDA Act, 2007. [1]

Contents

History

In April 2022, the Nigeria Data Protection Bureau on the 7 of March 2022 hosted representatives of The Nigerian Association of Chambers of Commerce, Industry, Mines, and Agriculture (NACCIMA). The delegation was led by the Chairman, Digital Economy Group, Prince Adetokunbo Kayode, SAN, CON. [2] In February 2023, the commission partnered with Voice of Nigeria (VON) to harness the Fourth Industrial Revolution (FIR) era to promote Data Protection and Privacy in the country. They stressed the need for capacity building of staff to ensure efficiency and productive output in Voice of Nigeria in line with emerging technologies as the 4IR is an enabler of inclusive industrialization. [3] [4] In March 2024, The Commission launched an investigation into an alleged privacy breach at the National Identity Management Commission (NIMC). [5]

Data Controller/ Processor

The commission is responsible for enforcing data protection laws and ensuring compliance with data protection standards in Nigeria. NDPC aims to safeguard the privacy rights of individuals and promote responsible data management practices across various sectors. [6]

Data Protection Compliance Organisation(DPCO)

According to the commission, Article 1(3j) of the Nigerian Data Protection Regulation provides that a Data Protection Compliance Organisation (DPCO) is any entity duly licensed by NDPB for the purpose of training, auditing, consulting and rendering services aimed at ensuring compliance with this Regulation or any foreign Data Protection law or regulation having effect in Nigeria. A DPCO may be one or more of the following; Professional Service, Consultancy firm, IT Service Provider, Audit firm, Law firm. [7] [8]

Related Research Articles

The Office of the Data Protection Commissioner (DPC), also known as Data Protection Commission, is the independent national authority responsible for upholding the EU fundamental right of individuals to data privacy through the enforcement and monitoring of compliance with data protection legislation in Ireland. It was established in 1989.

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

<span class="mw-page-title-main">Data Protection Directive</span> EU directive on the processing of personal data

The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, was a European Union directive which regulated the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive was an important component of EU privacy and human rights law.

<span class="mw-page-title-main">Information Commissioner's Office</span> Non-departmental public body

The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Science, Innovation and Technology. It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland. When they audit an organisation they use Symbiant's audit software.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

A regulatory agency or independent agency is a government authority that is responsible for exercising autonomous dominion over some area of human activity in a licensing and regulating capacity.

<span class="mw-page-title-main">National Agency for Food and Drug Administration and Control</span> Government agency in Nigeria

The National Agency for Food and Drug Administration and Control (NAFDAC) is a Nigerian federal agency under the Federal Ministry of Health that is responsible for regulating and controlling the manufacture, importation, exportation, advertisement, distribution, sale, and use of food, drugs, cosmetics, medical devices, chemicals, and packaged water.

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handling sensitive information.

The Chief Privacy Officer (CPO) is a senior level executive within a growing number of global corporations, public agencies and other organizations, responsible for managing risks related to information privacy laws and regulations. Variations on the role often carry titles such as "Privacy Officer," "Privacy Leader," and "Privacy Counsel." However, the role of CPO differs significantly from another similarly-titled role, the Data Protection Officer (DPO), a role mandated for some organizations under the GDPR, and the two roles should not be confused or conflated.

Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. A single pseudonym for each replaced field or collection of replaced fields makes the data record less identifiable while remaining suitable for data analysis and data processing.

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

The right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances. The concept has been discussed and put into practice in several jurisdictions, including Argentina, the European Union (EU), and the Philippines. The issue has arisen from desires of individuals to "determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past".

<span class="mw-page-title-main">Data Protection Act, 2012</span> Legislation enacted by the Parliament of the Republic of Ghana

The Data Protection Act, 2012 is legislation enacted by the Parliament of the Republic of Ghana to protect the privacy and personal data of individuals. It regulates the process personal information is acquired, kept, used or disclosed by data controllers and data processors by requiring compliance with certain data protection principles. Non compliance with provisions of the Act may attract either civil liability, or criminal sanctions, or both, depending on the nature of the infraction. The Act also establishes a Data Protection Commission, which is mandated to ensure compliance with its provisions, as well as maintain the Data Protection Register.

National Identity Management Commission (NIMC) is a statutory Nigerian organization that operates the country's national identity management systems. It was established by the NIMC Act No. 23 of 2007 to create, operate and manage Nigeria's national identity card database, integrate the existing identity database in government institutions, register individuals and legal residents, assign a unique national identification number and introduce general multi-purpose cards.

The Rivers State Bureau on Public Procurement (RSBOPP) is a regulatory agency within the Government of Rivers State in Nigeria, which regulates, monitors and oversees public procurement, ensuring that its conduct in the state follows laid down rules, is accountable, transparent and delivers value for money. It was created by the Rivers State Public Procurement Law no. 4 of 2008.

The National Privacy Commission, or NPC, is an independent body created under Republic Act No. 10173 or the Data Privacy Act of 2012, mandated to administer and implement the provisions of the Act, and to monitor and ensure compliance of the country with international standards set for data protection. It is attached to the Philippines' Department of Information and Communications Technology (DICT) for purposes of policy coordination, but remains independent in the performance of its functions. The Commission safeguards the fundamental human right of every individual to privacy, particularly Information privacy while ensuring the free flow of information for innovation, growth, and national development.

The Campus Privacy Officer (CPO) is a position within a post-secondary university that ensures that student, faculty, and parent privacy is maintained. The CPO role was created because of growing privacy concerns across college campuses. The responsibilities of the CPO vary depending on the specific needs of the campus community. Their daily tasks may include drafting new privacy policies for their respective college campus, creating a curriculum that informs teachers and students about privacy, helping to investigate any privacy breaches within the university, and ensuring that the university is abiding by current state and federal privacy laws. CPOs are also responsible for connecting with student and faculty groups across the entire campus in order to understand the privacy concerns of the campus. The role of CPO is an expanding profession within the United States and other countries, such as Canada and South Africa. There are numerous organizations that exist to provide training for CPOs and support them.

Kashifu Inuwa Abdullahi, CCIE is a Nigerian Technocrat and the current Director-General of the National Information Technology Development Agency (NITDA). He has professional expertise in strategy implementation, solutions architect, and transformational leadership.

<span class="mw-page-title-main">Aliyu Aziz</span>

Aliyu Abubakar Aziz is a chartered engineer with over 30 years post-qualification experience in information technology, management, and administration. He is the current Director General and Chief Executive Officer of Nigeria's National Identity Management Commission (NIMC). He had previously worked with some of the most progressive Government Institutions in Nigeria during their transformative years.

References

  1. "About - NDPC". ndpc.gov.ng. Retrieved 2024-03-19.
  2. "Details - NDPC". ndpc.gov.ng. Retrieved 2024-03-19.
  3. "Details - NDPC". ndpc.gov.ng. Retrieved 2024-03-19.
  4. Chukwudiebere, Mercy (2023-07-24). "Commission Tasks Data Controllers And Processors on Compliance, Registration". Voice of Nigeria. Retrieved 2024-03-19.
  5. Nigeria, Geeky (2024-03-19). "NDPC Launches Investigation Into Alleged Privacy Breach At NIMC - Geeky Nigeria" . Retrieved 2024-03-19.
  6. Content, Branded (2024-02-10). "Nigeria Data Protection Commission (NDPC) Announces Registration Notice for Data Controllers and Processors". Punch Newspapers. Retrieved 2024-03-19.
  7. "Requirement - NDPC". ndpc.gov.ng. Retrieved 2024-03-19.
  8. Nwachukwu, John Owen (2023-12-19). "NDPC issues code of conduct for Data Protection Compliance Organisations". Daily Post Nigeria. Retrieved 2024-03-19.