Answer ... The applicable data protection regime in Nigeria is the Data Protection Regulation 2019.
The objectives of the regulation include:
- safeguarding the rights of natural persons to data privacy;
- fostering a safe conduct of transactions involving the exchange of personal data;
- preventing the manipulation of personal data; and
- ensuring the competitiveness of Nigerian businesses in international trade.
The scope of the regulation includes all transactions that involve the processing of personal data of natural persons in Nigeria; it also applies to natural persons residing in Nigeria and those of Nigerian descent residing outside Nigeria.
Answer ... Sections 38 to 40 of the CyberCrimes Prohibition, Prevention, etc Act 2015 require that all service providers preserve, hold or retain traffic data, subscriber information, non-content information and content data, and release such information to a law enforcement agency upon request.
As such, fintech companies that handle customer information should ensure that any such information provided is kept confidential and utilised only for legitimate purposes under the act, any other legislation or an order of a court of competent jurisdiction, having regard to the individual’s constitutional right to privacy.