The Association of Telecom Companies of Nigeria (ATCON) has urged its members to comply with Nigeria Data Protection Regulation as stipulated by the Federal Government through the National Information Technology Development Agency (NITDA). ATCON President, Mr. Olusola Teniola, made this call at a virtual meeting on Nigeria Data Protection Regulation held recently with the theme ‘Benefits and Compliance Process.’ Teniola disclosed that the virtual meeting aimed at creating awareness and encouraging its members to implement the Nigeria Data Protection Regulation.
He called on members to ensure that they did not run against the Nigeria Data Protection Regulation 2019. According to him, ATCON partnered with NetHost Nigeria Limited to host the event in order to prevent its members from running against the Nigeria Data Protection Regulation 2019. “As we all know the regulation aims at protecting and guarantying the safety of all users of the web from the unscrupulous people who use their knowledge to defraud and cheat people who are genuinely transacting business over different websites (public and private).
“It should also be emphasised that data is now the new gold and it must be treated accordingly, ATCON embarked on the awareness and implementation of the data protection regulation because of its strategic importance to our members’ businesses and to reduce or prevent cybercrimes by ensuring the safety and protection of Nigerians digital details on the world wide web as the failure to give adequate protection to data could be very devastating and costly to individuals and businesses,” he said. He further commended Mr. Inuwa Kashifu Abdullahi, Director General/ CEO, National Information Technology Development Agency (NITDA), for putting the document together for the benefits of Nigerians who have moved their physical transactions online.
The data protection regulation, which is binding on all entities handling Nigerians’ data “provides that personal data shall be collected and processed in accordance with specific, legitimate and lawful purpose consented to by the data subject.” Article of the regulation mandates the data controller to expressly inform the data subject of the purpose(s) of the processing for which the personal data is intended as well as the legal basis for the processing. Data controllers are also expected to collect the minimum required data and avoid unnecessary surplus. Data that is not useful for the controller ought not to be collected. No data shall be obtained except the specific purpose of collection is made known to the data subject.
This principle relates also to the principle on the purpose of collection. On enforcement, the NDPR classified controllers into large and small categories. Those who process data of more than 10,000 data subjects are liable to forfeit two per cent of their annual gross revenue while those handling less than 10,000, would lose up to one per cent of their AGR.