How the NDPR Affects Employee Data And Compliance

Hello Friend

It is another amazing Wednesday, and I am so glad to have come your way again. The month of February is going really fast and Valentine’s Day is just around the corner. I have seen people start up all sorts of businesses or step up their business activities to provide certain Valentine’s Day bonanzas or promotions and asking intending customers to sign up or make purchase on a website, send email or chat via WhatsApp on a designated number. Now, it is a fact that any one of these platforms engaged will collect at least one form of personal data from intending customers. Most often than not, you cannot exactly tell how safe these data are being processed or handled. Well, if you read our article last week, you would know what personal data is and the principles of handling personal data. If you haven’t read it, please click here to catch up. Trust me, this piece will make more sense to you then. Nevertheless, please read on.

When employees are hired by organizations and onboarded, personal data is collected and processed internally within the organization and others are sent out to be processed by third parties such as Health Management Organizations, Insurance Companies and Tax Authorities, among others. It is your utmost responsibility as an organization to ensure that these third-party organizations properly handle the personal data to prevent data breach incidences. Even within the organization, if it does not involve matters of national security or life-threatening situations, it might be unsafe to give out an employee’s personal data just because you have engaged their services and have access to their personal data. It is pertinent as an organization to comply with Nigeria Data Protection Regulation (NDPR) and apply every recommendation as made by your Data Protection Compliance Organization (DPCO) after an audit has been carried out.

The National Information Technology Development Agency (NITDA) which supervises and enforces data protection compliance in Nigeria have stated the following ordinances for data protection in Nigeria. The data ordinances have the objectives to:

  1.  Safeguard the rights of natural persons to data privacy: As explained in the previous article, every data controller must ensure the safe processing of every data of any individual collected and must understand the need to collect just enough data for any processing activity.
  2. Prevent manipulation of personal data: On no account should any data be assumed to meet a processing need. Consent of data subject should be sought if there is a need for additional information or inadequate information.
  3. Foster safe conduct of transactions involving the exchange of personal data. When there must be any exchange of personal data, ensure that the data administrator has instituted safe data handling processes.
  4. Ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection and which regulatory framework is in tune with global best practices. This will boost business partnership with other nations especially countries who have strong data protection regulations and avoid your organization from losing finances because of the fines that come from non-compliance.

The National Information Technology Development Agency (NITDA) has slated March 15of every year for organizations to have completed data protection audits and filed reports of compliance. Also, organizations are required to have a dedicated and trained associate in house to ensure the strict compliance with recommendations made by the Data Protection Compliance Organization after an audit has been carried out.

21Search in conjunction with the NDP Academy has a training to equip you with every necessary skill and knowledge to become a certified professional in Data Protection Compliance. Join us on the 26th of February for the Foundation Course and 5th and 6th of March for the Practitioner course. The NDP Academy has a faculty of seasoned Data Protection experts and well-designed modules packed with information to equip you as an elite data protection officer. It is also good to note the fast-approaching deadline date for organizations to get compliant. You can send us a message on our website and be sure to get your audit accurately done at the best affordable prices. Kindly visit or click here to see our event and training calendar and sign up.

Until I come your way again, stay safe, work smart and not just hard.

Love, Lizzy.

Leave a comment

Your email address will not be published. Required fields are marked *