The National Commissioner/CEO, Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, has said organisations whose operations are data driven such as commercial banks, telecommunications companies, loan app companies among others would loose two percent of their annual gross revenue if they fail to abide by the National Data Protection Act.
Olatunji stated this on Monday in Abuja at a press conference on the implementation of the recently signed Nigeria Data Protection Act 2023.
According to Olatunji, plans are on the way to upscale registration process for data controllers and data processors, introduce a definite calendar for filing annual Compliance Audit Returns and strengthen its regulatory frameworks for DPCOs as well as issue sector-specific guidelines particularly for financial and telecom sectors.
His words: “At the core of the NDPR is the essence of respect – respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA.
“The change in legislation is not merely an addendum to the nation law books but a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation.
“The move to make data protection a statutory requirement means every organization, big or small, must cooperate with government and also ‘walk the talk’ in the interest of our dear nation.
Olatunji also explained that the development arising from the passage of the act shouldn’t be seen as a burden; rather, as an exciting journey towards gaining trust, building robust data protection structures, and strengthening the country’s footing in the global digital ecosystem, as well as attract increase in foreign direct investment (FDI).
He further revealed that the impact of the sanction on deterrent companies would depend on varying factors which could range from less to more sanction.
“Our goal is not to witch-hunt or fine anybody, but to inculcate in people, both by default and by design, the culture of data privacy compliance. The CEOs of public institutions will be held accountable for data breaches rather than the organisation in such cases”.
END