
BLOG
BLOG
The Nigeria Data Protection Regulation (NDPR) is a crucial Nigerian government regulation that addresses significant concerns about personal data privacy and unregulated processing. Launched in early 2019 by NITDA, a government body that regulates information technology in the country, it was designed to establish a robust data privacy and protection culture for all Nigerians and ensure their personal data is secure.
The NDPR serves the following purposes:
The regulation applies to all storage and processing of personal data regarding Nigerian citizens and residents. By mirroring Europe's GDPR Framework, NITDA demonstrated its unwavering commitment to safeguarding citizens' online security.
Private organizations, such as mobile development companies that control or process data, must comply with this regulation to stay operational. Fortunately, we're here to help you avoid any costly missteps.
Follow our 5-step process for confidently navigating the NDPR compliance requirements!
Non-compliance with NDPR can lead to the following:
In a nutshell, non-compliance with NDPR can be detrimental to your business. Therefore, it's essential that you start implementing the guidelines. But how? Read along to find out.
Please Note. As the NDPR is relatively new, and penalties & mechanisms are still being developed and tested, the above list might vary with time.
The first step towards being compliant is finding if you're a data processor or a data controller. Here's the difference between the two:
Why is it important to determine what type of data handler you are?
Well, it's important because most data compliance obligations are imposed on the data controller. The data controller will be held liable for any violation done by the data processor or the data controller.
After pinpointing the exact nature of your organization, it's crucial to ensure that data collection and storage processes are in line with all necessary NDPR regulations. Taking a step back to determine compliance can be an invaluable investment for any business - allowing you to understand where exactly you stand when protecting confidential information!
Once you know what processes your organization follows and where it stands in terms of data protection, you need to deal with the issues.
Let's say you find that your organization isn't collecting data appropriately. The first step should be tweaking the data collection processes so you collect data only with explicit consent from the users. And if your organization isn't storing or handling personal data appropriately, you may have to opt for data encryption technologies.
Similar to GDPR, to comply with NDPR, you must appoint a Data Privacy Office (DPO), which can be an individual or an entity. Here are the primary roles of a Data Privacy Officer:
The data controllers who process the personal data of over 1000 subjects in 6 months must submit a soft copy of the audit to the NITDA through their appointed DPOs. Moreover, data controllers who process the personal data of over 2000 individuals in 12 months need to submit a copy of the audit every year. Here's what the audit must contain:
In addition to following the above steps, you also need to train your staff. Because only if your staff/employees know the importance of NDPR will they be able to follow the regulations and help you stay compliant. And to ensure that, you can reach out to training agencies or individuals certified by the NITDA.
Are you ready to launch your mobile app in Nigeria? Follow the 5-step process and adhere to NDPR guidelines. To ensure data privacy is preserved, consult our Security Security Checklist to Launch a Mobile App in Nigeria when developing or publishing an iOS or Android mobile app. Make sure your organization and its products are held up to Nigerian standards - now let's get that app out there!
Stay ahead of emerging threats, vulnerabilities, and best practices in mobile app security—delivered straight to your inbox.
Exclusive insights. Zero fluff. Absolute security.
Join the Appknox Security Insider Newsletter!