The Nigerian Data Protection Bill (NDPB) was officially signed into Law by President Bola Tinubu on Monday, 12 June 2023.
This was disclosed in a statement signed by Babatunde Bamigboye, head, of legal enforcement and regulations at the Nigeria Data Protection Bureau.
However, the bill proposed earlier by ex-president Muhammadu Buhari provides a legal framework for protecting personal information and the practice of data protection in Nigeria.
Crossborder transfer of personal information was restricted by the law while establishing data subject rights which include the right to object, consent, withdraw data, and the right not to be subject to a decision based solely on the automated processing of personal data.
Also, it highlights the overall principles for the processing of personal information, including the processing of sensitive information, data controller obligations which include breach notifications, the conducting of Data Protection Impact Assessments (DPIAs), and the appointment of a data protection officer (DPO)
What to know about the bill
According to the statement, “the NDPB, pursuant to the express provisions of the new act, has transmuted into a full-fledged commission,” and it is mandated to perform the following:
To regulate the deployment of technological and organisational measures to enhance personal data protection, Foster the development of personal data protection technologies, in accordance with recognised international best practices and applicable international law, conduct investigations into any violation of a requirement under the Act, Impose penalties in respect of any violation of the provisions of the Act or subsidiary legislation made thereof, Where necessary, accredit, license, and register suitable persons to provide data protection compliance services, Issue regulations, rules, directives and guidance under the Act, and register data controllers and data processors of major importance.
The bill however set up the Nigeria Data Protection Commission which will be led by a national commissioner to control how personal data is processed.
What this means for Nigerians
Apart from giving access to Data privacy, among others, the Bureau stated that signing the bill into law is part of the fulfilment of President Tinubu’s agenda to create over a million jobs in the country.
The Bureau stated that about 500,000 jobs are expected to be created through the training of data protection officers and licensing of data protection compliance organisations to offer services to data controllers and processors.
Meanwhile, experts who spoke to BusinessDay said the Bill will give Nigerians more confidence in the security of their data under the account of organisations or government agencies.
Mohammed Ibrahim Jega, co-founder, Domineum, said the signing of the Bill into law is very important as it provides best practices for organisations and the Nigerian government on how to use personal data, including regulating the process of those data and protecting them.
“This will build trust, reduce risk and prevent discrimination. Many people have access to and share people’s personal information unauthorized. With this law, there will be data authenticity and confidentiality. These are the key pillars that will help Nigerians because data is not managed. Data is the new oil and there are many issues around exposing people’s data, as people go as far as going to NGOs to collect people’s data and selling them to international NGOs.
“Sometimes you discover someone advertising something you don’t even know about in your name. It is called data mining which is bad. This act will help Nigerians protect their data and every organisation must sign towards the data protection, so they can be easily taken to court if data is compromised,” Ibrahim said.
Also, a Programmer identified on Twitter as @IBNAbiodun said the signing of the Bill is a welcome development in securing individual data which are most times extracted by opposing parties for illegal activities.
“Very good. Any company or agency asking for people’s personal data now knows they owe the people a great deal of responsibility to protect such data. Otherwise, they would be sued. We saw the ease with which people’s medical records could be used for campaigns by opponents in the past. Education history, financial records, must not be shared without people’s approval,” he tweeted.
Meanwhile, Nigeria has made efforts to address data protection and privacy through the Nigeria Data Protection Regulation (NDPR) issued by the National Information Technology Development Agency (NITDA) in January 2019.
The NDPR is a comprehensive data protection regulation that outlines the requirements and obligations of data controllers and processors in Nigeria. It aims to safeguard the rights of individuals regarding the processing of their personal data and ensure the proper handling and security of personal information.