NITDA advises data processors on compliance with EU GDPR

The National Information Technology Development Agency (NITDA) has urged Nigerians to comply with the new EU General Data Protection Regulation (GDPR).
The director general of NITDA, Dr. Isa Ibrahim Pantami, stressed in a statement on Monday that failure to comply will result in loss of income and have a negative impact on Nigerian businesses.
These businesses include those that collect, store and process personal data of European Union (EU) citizens for the provision of goods and services, and the general public.
A breach of the regulation can attract a fine of up to 4% of a company’s annual global turnover or an equivalent of twenty million euros (€20 million).
Furthermore, companies can be fined up to 2% for not having their records in order, not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment.
Recall that the GDPR was adopted on April 27th, 2016 and becomes enforceable from May 25th, 2018, replacing the data protection directive of 1995/46/EC. It was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
The director general notes that the Agency has realized this regulation might have a huge impact on Nigerian businesses and/or individuals that use Information Technologies to collect, store, process and transact on EU citizens' personal data in EU territory or elsewhere.
“It is in the utmost interest of the Agency to protect Nigerian businesses from unnecessary exposure to the risks of this regulation and/or any regulations that might have a negative impact on their businesses as well as the rights of Nigerians that have dual citizenship of any EU member state.
“NITDA therefore calls on Nigerian organizations that are controllers and processors of personal data of EU nationals to note that companies that meet the following criteria must comply:
“have offices in an EU member state; have no offices in any EU member state but process personal data of EU nationals and residents; have more than 250 employees; and have fewer than 250 employees but their data processing impacts the rights and freedoms of data subjects or occasionally includes certain types of sensitive personal data.”
The regulation, Dr. Pantami said, requires data controllers and processors to seek consent from data subjects in an intelligible and easily accessible form, clearly specifying the purpose for the collection.
The new regulation also stipulates that consent must be clear and distinguishable from other matters and presented in clear and plain language.
“The regulation also gives data subjects the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. They also have the right to transmit data they had previously provided to another controller.
“Furthermore, they are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.”
The DG further tasked operators of Nigerian businesses, especially those that carry out online transactions and meet the GDPR compliance criteria, to put in place appropriate measures to observe the provisions of this regulation and avoid being sanctioned for a breach.
