FG extends deadline on Data Protection Compliance – NDPB boss, Olatunji

The Federal Government has extended the deadline earlier set requiring organisations to comply with the provisions of the Nigeria Data Protection Regulation 2019.

The deadline has been shifted from November 25th, 2022 to 20th of January, 2023.

National Commissioner, Nigeria Data Protection Bureau, Dr. Vincent Olatunji, who made this known on Thursday explained that the approved extension of time was for data controllers and data processors to comply with the earlier notice on National Data Protection Adequacy Programme (NaDPAP) Whitelist.

The development came as the Head of the Civil Service of the Federation, Dr. Folasade Yemi-Esan has issued a Guideline on Personal Information Technology Devices (PITeD) Provision and Usage in Ministries, Departments and Agencies (MDAs).

A statement by Babatunde Bamigboye, Head, Legal Enforcement and Regulations, NDPB, on Thursday in Abuja said the Guideline seeks, among others, to “foster strict adherence to government policies and global best practice in respect of data protection; provide clarity on the legitimate uses required on the part of users and the consequences of breaching the provisions of the Guideline”.

The statement read in part: “In order to reinforce data privacy and protection practices in MDAs, Part X of the Guideline provides inter alia:-

“Each MDA shall ensure that the usage of PITeD is consistent with Nigeria Data Protection Regulation and any regulatory instrument on data privacy and protection in Nigeria.

“The measures to be taken by each MDA for the purpose of data protection and accountability shall include but not limited to the following:

“Designation or appointment of a suitable officer within the MDA as a Data Protection Officer (DPO).

“Development of a Data Protection Policy in line with Nigeria Data Protection Regulation (NDPR) and other applicable regulatory instruments on data privacy and protection.

“Forwarding of the contact details of the data protection officer to the Office of the Head of Service and the Nigeria Data Protection
Bureau.

“It will be recalled that the Secretary to the Government of the Federation, Mr. Boss Mustapha, recently issued a service-wide circular directing MDAs to comply with the provisions of the NDPR.

“The Nigeria Data Protection Bureau National Commissioner, Dr. Vincent Olatunji, has lauded the Head of the Civil Service of the Federation for taking this bold and strategic measure.

“The Bureau sees this effort by the Federal Government as another clear demonstration of commitment to fundamental rights and freedoms which are often impacted by data processing.

“In view of this encouraging development in the public sector, the National Commissioner has approved an extension of time for data controllers and data processors to comply with the earlier notice on National Data Protection Adequacy Programme (NaDPAP) Whitelist.

“The deadline for the submission of details of Data Protection Officers/Contacts, among others, has now been shifted to 20th of January, 2023.

“Data Controllers and Processors who submitted before the deadline of November 25th, 2022 have been awarded full marks of 10 points under Accountability Metrics and Responsiveness to Regulatory Processes.

“This represents 10% of the total number of scores to be awarded in order to be eligible for inclusion on the NaDPAP Whitelist.

“The Bureau will also evaluate data controllers and data processors on other performance metrics including but not limited to Implementation of NDPR Compliant Privacy Policy; Sensitization of Data Subjects on Data Subjects Rights; Filing of Annual Compliance Audit Returns and Globally Acceptable Information Security Certifications”.