• Tuesday, June 18, 2024
businessday logo


Meet Vincent Olatunji: Nigeria’s ‘Data Security Officer (DSO)’

Vincent Olatunji: Nigeria’s ‘Data Security Officer (DSO)’

If there is one sector that can boast the readiness to take Nigeria to the desired height in global competitiveness, a state of development that will signal Nigeria’s capacity to overcome its myriad challenges, it is the Information and Communication Technology sector.

Ever so proactive, the leadership of the sector has created the Nigeria Data Protection Bureau (NDPB).

The agency has the mandate of ensuring that data are adequately protected by taking measures to ensure the integrity of people handling data, in terms of what knowledge they have, how they want to process the data, compliance to requisite regulatory instruments and other issues.

Put in charge of the agency as its National Commissioner/Chief Executive Officer, is Vincent Olatunji, the erstwhile Director of e-Government Development and Regulations Department at the National Information Technology Development Agency (NITDA).

A one-time acting DG of the agency, he has also headed several of its departments and committees. Quite significantly, Olatunji was involved in the crafting of the National Digital Economy Policy and Strategy for the country, to drive Nigeria towards achieving a National Digital Economy.

What do Data Subjects really know about their rights? What do Data Controllers and Processors know about their obligations to Data Subjects? Not much is really known about that.

The creation of the agency followed a request by Isa Ali Ibrahim Pantami, Minister of Communications and Digital Economy, who stressed the NDPB’s establishment in line with global best practices, focusing on data protection and privacy for the country, among others.

Olatunji says of the challenge of ensuring safety in the ICT sector, with a population of over 200 million people, over 104 million Nigerians use the on the Internet.

They have one thing or the other to do on various social media platforms. There is so much to do online — banking transactions, even company registration, and international passport processing.

And when doing this, people put every information that can be used to identify them– name, date of birth, state of origin, religious background etc.

When these are put out, there is a need to, as the global practice, put in place appropriate measures to ensure that the data put there are safeguarded, adequately protected and regulated by a Data Protection Supervisory Authority to ensure that rights and freedom are not infringed on because there are some basic rights people are entitled to when sharing their data.

With his vast experience of practical acquaintance with government operations in Nigeria, having worked over 30 years in the Public Sector, he has demonstrated an ability in building result-oriented relationships between ICT and national development in Nigeria, the West African sub-region and globally.

He joined the public service as a Research Officer 2 under Federal Urban Mass Transit Agency. Then he moved to NITDA in 2002, and started the Planning Research and Statistics Department of NITDA, where he helped put measures in place to drive appropriate policies and strategies to promote the agency.

He is bringing on board significant experience in team building, research activities, policy development, strategic planning and implementation on various development initiatives across the three tiers of government in Nigeria.

Ekiti state-born Olatunji obtained a Ph. D in Geography and Planning from the University of Lagos. He also has an advanced diploma in Computer science, a Certified Public-Private Partnership Strategist and a Certified Data Protection Officer.

His preparation for his present position was provided by his qualifications, career progression and experience in the public service as well as the chairmanship of the Data Protection Implementation Committee and that of NITDA Issued Regulatory Instruments Compliance and Enforcement Committee.

He oversaw a process that has produced the following: Nigeria Data Protection Regulation (NDPR) in January, 2019; NDPR Implementation Framework, 2020; the first Data Protection Regulation Performance Report for Nigeria, detailing achievements, challenges and opportunities for the future; various awareness and sensitization workshops and seminars on the NDPR; licensed 103 Data Protection Compliance Organisations; the Guidelines on the Use of Personal Data by Public Institutions; generated over 8000 jobs within two years, over 4 Billion Naira for sector players and over 100 Million Naira revenue for the Federal Government.

On the extent to which Nigeria has gone in achieving its objectives in Digital Economy, Olatunji provides highlights: “ICT’s unprecedented contribution of about 17.9% to our GDP in 2021 laid credence to the massive contribution of the sector. This is as a result of the implementation of NDEPS.

Also since we have a regulation to protect the rights, privacy and freedom of citizens online and even offline, for those that collect data manually, the global practice is to have a full-fledged independent institution to be in charge of implementing that regulation or law.

That was why Mr. President, in his wisdom, created the Nigeria Data Protection Bureau on the 4th of February 2022.”

Read also: Our mandate is to protect data of every Nigerian – CEO, NDPB

The Bureau has journeyed from being a department to an independent agency. The challenge now is how it will impact on the economy of the nation, and how soon Nigerians will begin to feel its presence.

On this, Olatunji says: “We know that unemployment is a major issue in Nigeria and within three years, under NITDA, we were able to create 8,000 jobs. You can now imagine what will happen when you have a Bureau mainly in charge of that.”

The target in the next three years, is to have about 350,000 Certified Data Protection Officers (DPOs). According to him, there are about 3.1 million companies registered with the CAC.

There are also about 800 MDAs, and so many multinationals in Nigeria. The start-up ecosystem is about 27.1 million, and all these organisations process data in one way or the other, though some may not be up to 1,000.

However, a lot of them process more than 2,000. By so doing, they are supposed to file audit report with the agency. He assumes that if each of these organisations employs one DPO, at least one million jobs could be created.

“Now, Imagine that one million organisations file their audit report , and pay an amount when they do, even if it’s N20,000 for instance, that can amount to N20 billion generated to the purse of the government.

This is apart from the cost of licencing, and certification. We will have a Data Certification Authority to certify DPOs. So, it’s a huge data generating platform for government. It will create jobs, it will generate revenue, it will also assist in the ease of doing business.

Other countries in the world have recognised Nigeria as a country that is serious about data privacy and protection, and are willing to do business with us. Even DPOs in Nigeria can work for companies all over the world.

The perception about the country globally, which is intangible and cannot be measured. If you are among the white list countries, it gives credence, confidence, and trust, for people to do business with you. And you know what that means, in terms of our economy and Foreign Direct Investment,” he said in an earlier interview.

On his vision and plans regarding the discharge this constitutional mandate, Olatunji opens up thus: “The first thing is to see myself as a Nigerian. The interest of the country is very paramount to me.

That’s the global picture that I am seeing. Secondly, my pedigree, qualification and experience in public service I have been in the public sector for over 30 years.

I moved from a Research Officer 2, to the level of a Director, up to Acting DG in 2016, and the Director e-Government Development and Regulations. I have garnered a lot of experiences here and there, that really prepared me for this job.”

When the agency started it believed that awareness is really key. What do Data Subjects really know about their rights? What do Data Controllers and Processors know about their obligations to Data Subjects? Not much is really known about that.

Now, as a Bureau, within the next three years, the target is tens of thousands of companies filing their audit reports and this cannot be achieved without awareness.

It is important he says, for people to know what they need to do, and the importance of data protection and privacy; the regulations they’ll need to obey and how to process data of Nigerians, such that companies become aware of the need to have Data Privacy Policy, conduct data audit, conduct data process impact assessment and file audit report with the Bureau