In this post, we highlighted 3 points from 2019 Nigeria Data Protection Regulation start-ups should note. Subsequent subheads below covers these highlights.
Procuring Consent
Part two of the NDPR requires that personal data be collected and processed for specific, legitimate, and lawful purposes that the data subject consents to. In line with this, Section 2.3 outlines the various conditions that must be satisfied before consent procurement can be considered lawful. Some of these conditions are:
a) The data controller must make the specific purpose of data collection known to the data subject before obtaining the data.
b) The data controller or start-up must ensure that they obtain the data subject’s consent without fraud, coercion, or undue influence.
c) When processing occurs based on consent, the start-up or controller must prove that the data subject has consented to the processing of their personal data and that the data subject has the legal capacity to give consent.
Legal Processing of Personal Data
Section 2.2 of the NDPR outlines five (5) conditions, and the controller or start-up must satisfy at least one before processing the personal data of the data subject lawfully. Below, we will highlight three (3) of these conditions.
a) The data subject must have given consent to the processing of his or her personal data for one or more specific purposes.
b) Where processing is necessary to perform a contract to which the data subject is a party or for the purpose of taking steps at the request of the data subject prior to entering into a contract
c) where processing is necessary for the performance of a task carried out in the public interest or in exercise of official mandate vested in the controller or startup
Data Security
Section 2.6 of the NDPR requires anyone involved in data processing or control to adopt data security procedures. These procedures may include, but are not limited to, protecting systems from hackers, setting up firewalls, and securing data with restricted access.. Using data encryption technology and specific authorized individuals. Creating an organizational policy for dealing with Personal Data and other sensitive information or confidential data, email system security, and continual capacity structure for its employees.
Conclusion
We believe it’s important for start ups and companies generally, to speak with lawyers to draft or review data privacy and protection policies, data sharing agreements and such other documents.
Have any questions? Book a call with us today!
https://calendly.com/info-whe/30min
Do you seek redress or consultation on legal matters?
Our Law Firm – Scotts Legal – offers legal services in areas including but not limited to the following:
- Real Estate Services (Property Acquisition, Investigation, Registration, Property Management)
- Company Registration and Post-Incorporation Services
- Corporate and Commercial Law solutions
- Domestic Violence and Child Custody
- Cross Border Transactions
- Debt Recovery Services
- Commercial Litigation
- Intellectual Property
- International Trade
- Criminal Litigation
- Employment Law
- Client Advisory
- Civil Litigation
- Mining Law
- Tax Law
Book a FREE CALL to inquire about any of the services above.
Follow us on our social media handles:
Constantly get our news updates