The European Union General Data Protection Regulation (EU GDPR) which was adopted two years ago came into effect officially on 25 May, 2018.
Despite its threat to sanction all businesses within and outside the Euro zone that are not compliant to its new privacy protection guidelines, many Nigerian companies seem not to mind as most are yet to update their data privacy policies.
At the basics, the GDPR compels organisations to secure clearer consent for using people’s information and introduces tougher fines for failing to protect people’s data.
The GDPR which replaces the 1995 Data Protection Directive brings new dimension to data utility and protection. One of the things it is meant to achieve is universality, by creating a common set of rules and practices that apply across the European continent, and possibly with time, in the world. It also focuses on enforcement, the capacity for regulators to fine any company in breach of GDPR as much as 4 percent of its total worldwide sales.
The GDPR applies to any organisation using or processing the personal data of EU residents, imposing tough penalties on those that fail to protect such information adequately.
Before it became official, a lot of organisations including technology companies like Facebook, WhatsApp, Google, LinkedIn, Twitter, SnapChat, Instagram, Amazon and many others had all announced unprecedented updates to their privacy policy that recognises the new guidelines in the EU GDPR.
But the same cannot be said of over 90 percent of Nigerian-based companies whose business transactions might be exposed to the rules one way or the other.
To be fair, thousands of businesses based in Europe also missed the deadline. In the United Kingdom which is next door to Europe, only about 60 percent of businesses were prepared for GDPR’s May 25 timeline, according to Spiceworks study released May 24. Just a quarter of US businesses were also expected to meet the deadline as well.
There are quite a number of Nigerian companies, including banks which services are accessible via the internet to anyone in any part of the world, including the European region. Nigerians living in the EU region also contribute significantly to remittances in their home country and they carry out most of the transactions through financial institutions based in Nigeria.
Interestingly, the GDPR affects everyone living within the European Union. Thus, if Nigerian companies desire to continue their transactions with customers within the continent, they would have to comply or face sanctions.
LegitNG, a Nigerian-based online legal services provider, noted in a ‘Quick Guide to the GDPR for Nigerian Companies’ that “GDPR awareness in Europe has reached a frenzied pitch and companies will be looking to not only protect data within their control but ensure that they do not share important data with partners who have no structure for data protection. The fact that Nigeria still has no enforceable data protection law till date places Nigerian companies as risky partners for the purpose of data sharing with EU entities.”
Some of the businesses that spoke to BusinessDay cited lack of time and resources. One of the companies said their team were still studying the new rules and will respond accordingly. It should be noted that successfully complying with a law that promises severe penalties could come with its own expense as companies will need to engage the services of lawyers, consultants and advisers on data-protection. Some experts say it favours companies that are organised and capable of great expenditure.
A senior manager in one of the commercial banks in Nigeria told BusinessDay that the banks may not fully embrace the GDPR.
“At a time when we are talking about open banking and opening up bank APIs to different counterparties for consumption, we may suffer a temporary setback,” he said.
