ARTICLE
10 February 2023

Data Protection Compliance - Conducting Annual Data Protection Audits

Udo Udoma & Belo-Osagie

Contributor

Founded in 1983, Udo Udoma & Belo-Osagie is a multi-specialisation full service corporate and commercial law firm with offices in Nigeria’s key commercial centres. The firm’s corporate practice is supported by a company secretarial department, Alsec Nominees Limited, which provides a full range of company secretarial services and our sub-firm, U-Law which caters exclusively to entrepreneurs, MSMEs, startups, and growth businesses across several industries, including the FinTech industry. It is designed as a one-stop-shop for all basic business-related legal needs, providing high-quality support in a simplified and straightforward manner at super competitive prices. We are privileged to work with diverse local and international clients to create and implement innovative practical solutions that facilitate business in Nigeria and beyond. When required, we are well-placed to work across Africa with a select network of leading African and international law firms with whom we enjoy established relationships.

Did you know that:

  • The Nigeria Data Protection Regulations 2019 ("NDPR") requires organisations that process the Personal Data of Nigerian citizens and residents to conduct a detailed audit of their privacy and data protection practices, at inception and thereafter on an annual basis, utilising the services of a licensed Data Protection Compliance Organisation ("DPCO").
  • Based on the provisions of Regulation 4.1(7) of the NDPR, where your organisation as a Data Controller processes the Personal Data of more than 2,000 Data Subjects within a period of 12 months, your organisation is required to, not later than the 15th of March of the following year, submit a summary of its data protection audit to the Nigeria Data Protection Bureau ("NDPB").
  • Where your organisation fails to carry out the annual data protection audit, or fails to file its audit report with the NDPB where it falls within the stipulated threshold for filing an audit report, this will amount to a breach of the provisions of the NDPR.
  • The penalty imposed on Data Controllers and/or Processors for any breach of the provisions of the NDPR is a fine. For a Data Controller that processes the Personal Data of more than 10,000 Data Subjects, the fine is 2% of the Annual Gross Revenue of the preceding year or N10,000,000, whichever is greater. For a Data Controller that processes the Personal Data of fewer than 10,000 Data Subjects, the fine is 1% of the Annual Gross Revenue of the preceding year or N2,000,000, whichever is greater.
  • In addition, a breach of the NDPR is construed to be a breach of the provisions of the National Information Technology Development Agency Act, 2007 ("NITDA Act"). Consequently, the penalties stipulated under the NITDA Act could also apply where there has been a breach of any provision of the NDPR.

UUBO is an NDPB-licensed DPCO, and we would be glad to assist you with conducting your annual audit and filing the report, where applicable, with the NDPB or to provide you with any data protection assistance you may require.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
