Data Protection Experts Identify Bottlenecks to DPR Implementation
RELEASED last year, Nigeria Data Protection Regulation (NDPR), clearly stipulates requirements for data collection, processing and defines how the data should be held and the ability to be used by third-parties.
This is a first step in ensuring safety of all users of the web.
The inclusion of hefty penalties for various cyber related crimes is also a key milestone in deterring cyber criminals and ensuring compliance with the law.
However, as laudable as the law appears experts have identified obstacles that if not addressed could make the regulation ineffective and of no value.
Brencil Kaimba, senior Cybersecurity Consultant Product Strategy and Development at Serianu, said that, putting policies and hefty penalties does not guarantee compliance or overall safety of the general public. “Comprehensive security has to consider People, Process, Technology and Policy.
“Laws only take care of the policy bit. A lot still needs to be done for People (particularly awareness, understanding the contents of the laws and their rights), Process (putting the right infrastructure for reporting and prosecuting these crimes) and Technology (equipping the law enforcement with the right tools to identi
fy and proactively detect noncompliance),” he said.
He however, identified major envisaged obstacles to the implementation of NDPR which includes; Low awareness in the country. According to him, “to address this, regulatory bodies will have to embark on nationwide awareness campaigns aimed at helping citizens understand the contents of these laws, process of identifying these crimes and how to report these to the police. Law enforcement training will also help equip police and prosecutors with the skills to identify cybercrime, obtain evidence and prosecute”.
He decries absence of infrastructure for identification and implementation of the law. “To implement data protection requirements, organisations need to have capabilities (either in house or outsourced) for data protection assessment, reporting etc. These are skills that were previously not existent. There is still need to acquire tools to identify noncompliance, monitoring infrastructure, audits etc. To address this, regulators together with data processors and third parties need to invest in proper technologies and or processes for monitoring both compliance and non-compliance to these laws.”
Corroborating Kaimba, Engr. Olusola Teniola, President, Association of Telecommunications Companies of Nigeria (ATCON) which recently opened an engagement with National Information Technology Development
Agency the proponents of NDPR on the enlightenment of its members on the regulation, said: “the biggest challenge is lack of skills sets and knowledge in the area of Data Science, Analytics and BIG Data to be able to ensure that an individual internet user’s personal data is truly secure.
“The complex nature of the Internet and other enabling social media platforms is evolving at vast speeds and this then places an additional burden on not only NITDA to acquire personnel that have these requisite skills but also the judiciary and other enforcement agents that NITDA will need to work alongside in order to effectively enforce the NDPR in its true spirit.