TheCable

The National Data Protection Commission (NDPC) says it plans to licence more certified data protection compliance organisations (DPCOs) in the country.

Vincent Olatunji, the national commissioner of NDPC, spoke at a news conference on the implementation processes of the Nigeria Data Protection Act (NDPA) of 2023, in Abuja on Monday.

Last week, President Bola Tinubu signed the data protection bill into law.

Speaking at the news briefing, Olatunji said the country can barely boast of 152 licenced DPCOs in a population of over 200 million people.

He said licensing of more DPCOs would ensure that Tinubu’s target of creating one million jobs in the digital economy sector is realised.

“Measures are being put in place to create 500,000 jobs in the data protection ecosystem, this is 50 percent of the job creation target for the sector,” Olatunji said.

“We will strengthen our regulatory frameworks for DPCOs and issue sector-specific guidelines, particularly for financial and telecom sectors.

“The objective is to provide agile frameworks that address peculiar vulnerabilities, risks, and opportunities on one hand, and on the other hand, provide a clear path for compliance.

“Considering the increase in the demand for compliance services, more DPCOs will be licensed, about 500 to 1000, to provide services and make the ecosystem competitive.”

Olatunji said the licensing will be progressive as the need arises.

He said part of the other steps to be taken toward implementing NDPA included public awareness campaigns as many citizens lack knowledge of the risks they are exposed to when they randomly divulge sensitive information about themselves.

“We will be developing a standardised framework for implementation, ensuring consistency and clarity across all sectors,” he added.

“This will involve guidance notices on key provisions of the law particularly those that relate to lawful basis of data processing, data subjects’ rights, compliance audit returns, and cross-border data transfer.

“We will improve capacity-building opportunities for data protection officers enrolled under the National Data Protection Adequacy Programme (NaDAP), thereby enhancing their ability to lead their organisations towards compliance.

“We will upscale the registration process for data controllers and data processors, simplifying compliance pathways and encouraging participation.”

2% GROSS INCOME PENALTY FOR NONCOMPLIANCE TO AUDIT 

Olatunji said the agency would introduce a definite calendar for filing annual compliance audit returns.

According to the commissioner, organisations that do not comply with the requirements, “stand the chance to be fined up to 2 percent of their gross annual income or in some cases, their chief executives prosecuted.”

“Our target is January to December, so organisations will have the opportunity to file within the first quarter of each,” he said. 

“The current dispensation of compliance under NDPR will be completed and only those who are compliant will be eligible for inclusion on the NaDPAP whitelist.

“This is not just about following a new set of rules, but about embracing a new era of data protection where respect for personal data becomes an integral part of our national ethos.”