Did you know that:
- The Nigeria Data Protection Regulations 2019 ("NDPR") requires organisations that process the Personal Data of Nigerian citizens and residents to conduct a detailed audit of their privacy and data protection practices at inception and thereafter on an annual basis, utilising the services of a licensed Data Protection Compliance Organisation ("DPCO").
- Based on the provisions of Regulation 4.1(7) of the NDPR, where your organisation as a Data Controller processes the Personal Data of more than 2,000 Data Subjects within a period of 12 months, your organisation is required to, not later than the 15th of March of the following year, submit a summary of its data protection audit to the Nigeria Data Protection Bureau ("NDPB").
- Where your organisation fails to carry out the annual data protection audit, or fails to file its audit report with the NDPB where it falls within the stipulated threshold for filing an audit report, this will amount to a breach of the provisions of the NDPR.
- The penalty imposed on Data Controllers and/or Processors for any breach of the provisions of the NDPR is a fine. For a Data Controller that processes the Personal Data of more than 10,000 Data Subjects, the fine is 2% of the Annual Gross Revenue of the preceding year or N10,000,000, whichever is greater. For a Data Controller that processes the Personal Data of less than 10,000 Data Subjects, the fine is 1% of the Annual Gross Revenue of the preceding year or N2,000,000, whichever is greater.
- In addition, a breach of the NDPR is construed to be a breach of the provisions of the National Information Technology Development Agency Act, 2007 ("NITDA Act"). Consequently, the penalties stipulated under the NITDA Act could also apply where there has been a breach of any provision of the NDPR.
UUBO is an NDPB-licensed DPCO, and we would be glad to assist you with conducting your annual audit and filing the report, where applicable, with the NDPB or to provide you with any data protection assistance you may require.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.