The Oyo state government has begun the official implementation of the Nigeria Data Protection Regulation (NDPR) for eight of its ministries, departments and agencies (MDAs) which will be participating at the opening stage of the scheme.
Recall that the state held an NDPR implementation kickoff meeting weeks back; which was designed to be a preparative session for all stakeholders drawn from the participating MDAs.
Similarly, the state had previously engaged the services of Data Protection Services Limited (DPSL) for a more detailed implementation of NDPR in a way to position the pace setter state towards national and global compliance with data security and privacy regulations.
The MDAs listed to participate in the NDPR include; Ministry of Finance, Ministry Justice, Ministry of Agriculture, Natural Resources and Rural Development, Board of Internal Revenue, Ministry of Health, Civil Service Commission, and Bureau of Public Procurement.
The NDPR, issued by the National Information Technology Development Agency (NITDA), is Nigeria’s primary data protection legislation. It provides the legal framework for data protection compliance requirements and managing breaches including the imposition of penalties for defaulters.
Immediately after its inauguration in 2019 to serve as the number one data protection and regulation agency, all public and private entities that process the personal data of more than 1000 data subjects in a period of six months and 2000 data subjects in a period of 12 months are mandated to submit a Data Protection Audit Report to the NITDA.
By law, the submission is annual and mandatory. Data protection audit filing must be not later than March 15 of every year.
By the provision of the NDPR, “compliance is not a one-off obligation but a continuing activity for data controllers and processors in Nigeria.”
Failure to file these returns to NITDA is deemed a breach of the NDPR,” says one report by Mondaq AI.
“NDPR is no longer an option. Globally, it is a requirement and compliance is increasingly becoming the benchmark upon which state entities can access international grants or be able to access loan instruments for development. This has made it critical for civil servants to understand the existing guidelines for data privacy and security,” said the Managing Director of DSPL, Mr Tunde Balogun at the opening of a recent training session in Ibadan.
Oyo State is the first state in Nigeria initiating a state-wide NDPR implementation across several MDAs as DSPL begins work this week in Ibadan. The implementation also covers NDPR exposure trainings expected to benefit no less than 40 per cent of the state’s over 115,000 civil servants.
Public servants will undergo series of data protection, privacy trainings – all part of the deliverables by DSPL. Other deliverables include awareness creation for civil servants on data privacy policies for MDAs; collection of data, disposal of data; and audit of the state’s MDAs to assess their level of data protection readiness.
Reacting at the NDPR pre-implementation meeting, the Permanent Secretary (General Administration) Mrs. Adejoke O. Eyitayo stated that Oyo State is the pacesetter state, and our governor believes that information technology including programs like this could further help his agenda to rapidly develop the state and the people.
Similarly, during the NDPR kickoff meeting, the Special Assistant on ICT & e-Governance to the Oyo State Government, Mr. Adebayo Akande, had tasked the DSPL on the need to have a comprehensive approach to implementing the deliverables of the NDPR project in Oyo state. According to him, the Oyo state remains committed to improving the digital skill sets of all civil servants regarded by the governor as critical human resource.
“NDPR, impose specific legal compliance requirements on private and public entities in relations to handling of citizens’ personal data. Governments are the biggest processors of personal data of Nigerians. The tendencies for breaches or abuses are highest among MDAs whether at state or federal level. Preparing government officials for global best practice in data privacy and protection is critical to positioning the state for growth or ability to access global cooperation and international financing as the world increasingly tilts to digital economy,” stated Balogun.