The National Information Technology Development Agency (NITDA), has issued the cloud policy strategy and implementation framework that mandate domiciliation of data, a move to develop local storage capacity and increase employment in Nigeria.
Nigerian Data Protection Regulation (NDPR) Desk Officer, NITDA, Olufemi Daniel, said the agency has identified issues that could mitigate local data storage by finding ways to resolve them.
Speaking during an interactive session on Nigeria’s Data Protection Regime, Daniel said the agency is aware of issues plaguing local data storage but is ready to offer incentives and improve the business environment.
Urging Nigerians to support NITDA, he said the domiciliation of data is to increase security. “If we do not develop our local storage capacity, jobs would be lost to other countries. NITDA is also mindful of increasing compliance burden and do not want to create unnecessary panic,” he added.
Daniel said the regulatory agency was established to implement the national Information Technology (IT) policy of 2000. He added that Section 36 provides the fine of N8billion for non-compliance to the data protection regime.
“Because IT is ubiquitous, we constitute a national advisory committee on data protection. The committee is coordinated by Chairman, Ministry of Communication to ensure that there is a synergy and we can as a nation move in one direction. What we want to achieve is to ensure that data protection is progressing and not about whose power it’s being exercised,” he said.
Noting that the regulation was issued in January 2019, he said that there are some milestones that we have given every organisation to comply.
“We expect firms to have published a revised privacy policy and seek subject consent based on the new privacy policy. Firms also should have done the initial data audit by October 25. So, data were supposed to be analysed based on the stipulated timelines. Also, data collated before January 2019 are not exempted from full protection,” he added.
Software Engineer, Tax Tech, Joseph Udonsak, said the NDPR would change the dynamics of business operations and data processes. “This is because firms cannot take data just because you have the power to. Now, the challenge is understanding the data floor, and how you handle data,” he added. Udonsak said the data subject’s right is protected by this new regime as firms are expected to explain the reason for data collation.
He added that firms that have not taken the whole process from data collection to security standards would have a lot of restructuring to do. He stressed that the NDPR does not require firms to have all the requirements in place now.
“Organisations that don’t have any security infrastructure would be required to have a remediation strategy in place, which would be submitted for the preliminary audit in October 25. This is to show some level of implementation to avoid sanction,” Udonsak added.