NITDA issues policy on data
IN A BID TO DEVELOP LOCAL storage capacity and increase employment in Nigeria, the National Information Technology Development Agency (NITDA)...
IN A BID TO DEVELOP LOCAL storage capacity and increase employment in Nigeria, the National Information Technology Development Agency (NITDA), has issued the cloud policy strategy and implementation framework that mandate domiciliation of data.
Olufemi Daniel, Nigerian Data Protection Regulation (NDPR) desk officer, said the agency has identified issues that could mitigate local data storage by finding ways to resolve them.
Speaking during the first interactive session on Nigeria Data Protection Compliance, organised by Taxtech and AO2 Law, in partnership with NITDA, Daniel said the agency is aware of issues plaguing local data storage, but is ready to offer incentives and improve business environment.
Urging Nigerians to support NITDA, he said the domiciliation of data is to increase security.
He said, “If we do not develop our local storage capacity, jobs would be lost to other countries. NITDA is also mindful of increasing compliance burden and do not want to create unnecessary panic.
“Because IT is ubiquitous, we constitute a national advisory committee on data protection. The committee is coordinated by chairman, Ministry of Communication, to ensure that there is a synergy and we can as a nation move in one direction. What we want to achieve is to ensure that data protection is progressing and not about whose power it’s being exercised.
“We expect firms to have published a revised privacy policy and seek subject consent based on the new privacy policy. Firms also should have done the initial data audit by October 25. So, data were supposed to be analysed based on the stipulated timelines. Also, data collated before January 2019 are not exempted from full protection,” Daniel said.
Joseph Udonsak, software engineer at Taxaide Technologies Ltd (Taxtech), a data protection compliance organisation (DPCO), said the NDPR would change the dynamics of business operations and data processes.
“This is because firms cannot take data just because you have the power to. Now, the challenge is understanding the data floor, and how you handle data,” he added. Udonsak said the data subject’s right is protected by this new regime as firms are expected to explain the reason for data collation.
He added that firms that have not taken the whole process from data collection to security standards would have a lot of restructuring to do.
“Organisations that don’t have any security infrastructure would be required to have a remediation strategy in place, which would be submitted for the preliminary audit in October 25. This is to show some level of implementation to avoid sanction,” Udonsak added.