Nigeria’s IT regulator plans policy change to fit EU’s new data protection rule

European Union’s decision to issue a General Data Protection Regulation (GDPR) comes with unintended consequences, as legislators worldwide are scrambling to update their domestic legislation to bend to Europe’s privacy rules.

With the legal and IT worlds working towards the implementation of GDPR that takes effect in May 2018, the Nigerian National Information Technology Development Agency (NITDA) is working on revising its guideline on data protection to later issue a new guideline on data protection.

In a statement obtained by Punch, Isa Ibrahim, Director-General of NITDA noted that “in an effort to make the agency’s rule-making process transparent and industry-focused, the revised guideline will soon be presented for stakeholder consultation as stipulated in the Rule-making Process Regulation of NITDA.”

Ibrahim highlighted that the European GDPR which was adopted in 2016 to replace the data protection directive of 1995 could affect Nigerian businesses and individuals that employs information technologies to gather EU Citizens details.

“It is in the utmost interest of the agency to protect Nigerian businesses from unnecessary exposure to the risks of this regulation and/or any regulations that might have negative impact on their businesses as well as the rights of Nigerians that have dual citizenship of any EU member state,” he stressed.

Implications of EU’s General Data Protection Regulation (GDPR)

Europe has served as the world’s privacy police officer for years, earning it the right to up the bar for data protection worldwide.

With companies like Google, Facebook and Amazon having more of people’s private information, EU thought it best to tighten security measures in ensuring its citizen’s information are protected by introducing the General Data Protection Regulation (GDPR) of 2016.

The new regulation offers EU citizens’ power over how their information details can be collected, used and stored, leaving domestic laws with no option but to conform to the EU’s new rules, or risk being shut out of World’s largest trading bloc.

Also, EU consumers can pull their data from a company at any time, force businesses to alert customers within three days if their data is hacked and let people move information to rival services at a drop of a hat. This data revamp could change a lot for businesses worldwide.

“GDPR has long tentacles,” said John Giles, managing attorney at Michalsons law firm in South Africa, while emphasizing the significance of the new regulation in a statement on politico.

Failure to comply with the new rules would attract a huge fine of almost €20 million or 4 percent of a company’s annual global revenue, hence the need for “Nigerian businesses carrying out online transactions to put in place appropriate measures to observe the provisions of the regulation to avoid being sanctioned for a liable breach” Ibrahim noted.