Are you looking to become NDPR-compliant as a tech company? Then, you must follow outlined compliance requirements in the form of obligations. That’s if your company is involved in data activities. This article covers everything you need to begin.
Companies involved in data activities are in two categories – data controllers and data processors.
Hence, this article cares to explore key compliance obligations required from both entities.
Let’s begin.
What Is The Distinction Between A Data Controller And A Data Processor?
It’s vital to become NDPR compliant as a tech company. As explained earlier, tech companies comprise data controllers and data processors. Let’s look at their differences.
A data controller determines the purpose of data and decides the data processing system.
On the other hand, a data processor merely processes the data on behalf of the data controller.
Subsequently, NDPR compliance would usually be determined by the setup of the applicant company structure.
The consequent subheads give insight into the compliance measures for a data controller or a data processor.
Compliance Requirements For Data Controllers
The following are major compliance requirements as prescribed by the NDPR
• They process the personal data of more than 2000 data subjects in 12 months. Also, they will submit a summary of their data protection audit to the NDPR.
This shouldn’t be later than 15th March of the following year.
• Inform the data subject of the purpose(s) of the processing for which the personal data is intended and shall also inform a data subject of any subsequent use different from originally agreed terms.
• Additionally, a data controller must stipulate in its privacy policy how long personal data will be stored.
• They must install an effective data security apparatus to keep the collected data confidential. Furthermore, this protects them against cyber-attacks.
• Ensure that the consent of a data subject is obtained without fraud, coercion, or undue influence.
• A Data Controller needs to designate a Data Protection Officer (DPO). This is primarily to ensure compliance with the obligations under the regulations.
• They must maintain data processing records.
• Audit of its privacy and data protection practices is also a requirement for implementation of the NDPR. It has to be ready 6 months after the regulation came into force.
Compliance Requirements For Data Processors
The obligations of the data processors are largely to the data controllers. Some of them are;
• Facilitating and processing data on behalf and upon instructions of the data controllers.
• Data processors inform data controllers of changes in legal requirements. In addition, they inform them of disks concerning personal data.
In conclusion, this compliance checklist is for companies in data activities.
Finally, complying with them helps to avoid the stringent liabilities that accompany noncompliance.
References
1 https://www.dataguidance.com/notes/nigeria-data-protection-overview accessed on Feb 17, 2023
2 5 Steps to Compliance with the Nigeria Data Protection Regulation Read more at: https://www.appknox.com/blog/5-steps-to-compliance-with-the-nigeria-data-protection-regulation accessed on Feb 17, 2023
3 Nigeria Data Protection Regulation, available at, https://www.google.com/url?sa=t&source=web&rct=j&url=https://nitda.gov.ng/wp-content/uploads/2021/01/NDPR-Implementation-Framework.pdf&ved=2ahUKEwiVmNLpw5z9AhVXSvEDHbP-Cz4QFnoECDkQAQ&usg=AOvVaw1vqz1cxRXiekqUGjzREiCz accessed on Feb 17, 2023
Do you seek redress or consultation on legal matters?
Our Law Firm – Scotts Legal – offers specialized law services in areas including but not limited to the following:
- Fraud
- Family Law
- Legal Advice
- Civil Litigation
- Domestic Violence
- International Trade
- Commercial Litigation
- Intellectual Property
- Mergers & Acquisitions
- Corporate Restructurings
- Energy & Natural Resources
Follow us on our social media handles:
Constantly get our news updates and informative articles.