Telcos, IT firms tasked on data protection, implementation of NDPR
The Association of Telecommunications Companies of Nigeria (ATCON), has called on members to protect consumer data with them and ensure no losses.
ATCON, which reminded members that data is now the new gold, and must be treated accordingly, said it has also urged them that the implementation of the Nigeria Data Protection Regulation (NDPR), has become highly important.
The NDPR is being championed in Nigeria by the National Information Technology Development Agency (NITDA).The President of ATCON, Olusola Teniola, who made the call at a virtual meeting on, NDPR 2019: Benefits and Compliance Process, hosted by the body and NetHost Nigeria Limited, said: “As members of ATCON, an umbrella body of all telecom professionals in Nigeria, it is our duty to implement the data protection regulation. As we all know, the regulation is aimed at protecting and guaranteeing the safety of all users of the web from the unscrupulous people, who use their knowledge to defraud and cheat people who are genuinely transacting business over different websites (public and private).”
Teniola also emphasised that data protection regulation its strategic members businesses, “and so, to reduce or prevent cybercrimes, we must ensure the safety and protection of Nigerians digital details on the World Wide Web, as the failure to give adequate protection to data could be very devastating and costly to individuals and businesses.”
Information Security Consultant, Net host Nigeria Limited, Dr. Abiola Abimbola, who took the stakeholders through the nitty-gritty of the NDPA Act, revealed that there are specific details that a data collector needs to know about the Data Protection Regulation Act.
He disclosed that any transfer of personal data to a foreign country or to an international organization must follow an adequate level of protection decided by the Attorney General of the Federation/NITDA.
According to him, the foreign transfer must also follow the legal system of the foreign country particularly in the areas of the rule of law, respect for human rights and fundamental freedom.
He added that the foreign transfer of data must also adhere to security measures, while ensuring the enforcement of data subject rights, saying that the existence and effective functioning of one or more independent supervisory authorities is needed.
Referring to the NDPR Act, he said it is the responsibility of the data processor or controller to develop security measures to protect data in its custody, saying that such measures include but not limited to protecting systems from hackers, setting firewalls, storing data securely with access controls, employing data encryption technologies and continuous capacity building for staff.
He noted that there are governing principles of data processing that must be followed according to the NDPR Act, adding that personal data shall be collected and processed in accordance with specific, legitimate and lawful purpose consented by the data subject.
He said the Act is against holding data of a subject beyond the approved period, adding that personal data shall be processed adequately, accurately and without prejudice to the dignity of the human person.
No comments yet