Nigeria’s Data Protection Bill, 2022
Operationalize Nigeria’s Data Protection Bill Compliance with PrivacyOps Platform
Last Updated on September 28, 2023
Privacy Center
Fully Functional In Minutes
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Email already in use
Looks like this email is already registered with an existing account.
Unexpected error occurred
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
Nigeria’s Data Protection Bill (the “Bill”), published by the National Information Technology Development Agency ('NITDA') on October 4, 2022, aims to create the Nigeria Data Protection Commission (the “Commission”), which will be responsible for regulating the processing of personal data and other similar matters.
The Bill outlines the requirements for the processing of personal data. It requires controllers to undertake Data Protection Impact Assessments (DPIAs) for high-risk data processing activities, appoint a Data Protection Officer (DPO) with expert knowledge of data protection laws, and ensure that personal data is processed lawfully and fairly, along with other obligations.
The Bill also sets out the framework for investigations, compliance orders, enforcement orders, judicial reviews, and civil remedies related to enforcement.
The Bill is currently under review by Nigeria’s Ministry of Communication and Digital Economy before its onward submission to the National Assembly for approval and eventual assent by the President. The legislation would come into force upon such assent by the President of Nigeria.
The Solution
Securiti enables organizations to comply with Nigeria’s Data Protection Bill through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises in their journey toward compliance with Nigeria’s Data Protection Bill through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of Nigeria’s Data Protection Bill.
Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.
Automate Handling and Secure Fulfillment of Consumer Data Access Requests
Sections 35(a), 35(b)
Simplify the DSR requests format by building web forms customized for your brand image to accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
Automate the Processing of Rectification Requests
Sections 35(c)
Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data.
Automate Erasure Requests
Section 35(d)
Quickly fulfill data subject's erasure requests through automated and flexible workflows.
Automate Object and Restriction of Processing Requests
Sections 35(e), 37
Build a framework for handling objections and restriction of processing requests based on business requirements with the help of collaborative workflows.
Monitor and Track Consent
Sections 25(1)(d), 26, 27, 31, 32, 36, 38, 44
Securiti's Consent Management Platform enables organizations to obtain end-users' consent for data access, retrieval, and advertising purposes. Data controllers can allow data subjects to withdraw consent once granted or update their consent preferences via configurable consent preference centers.
Assess Readiness
Sections 25, 29, 30
With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can measure your organization's posture against Nigeria’s Data Protection Bill, 2022 requirements, identify the gaps and address the risks. Expand assessment capabilities across your vendor ecosystem to maintain compliance against Nigeria’s Data Protection Bill, 2022 requirements.
Map Data Flows and Generate Reports
Section 42(2)
Generate dynamic visual data maps to map personal data to its correct owners, easily monitor cross-border traffic and other key data patterns and exchanges, as well as maintain updated records of data processing activities.
Automate Data Breach Response Notifications
Section 41
Automate compliance actions and breach notifications to concerned stakeholders concerning security and data breach incidents by leveraging a knowledge database on security and data breach incident diagnosis and response.
Manage Vendor Risk
Section 30
Track, manage, and monitor vendors' privacy and security readiness from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Meet Cookie Compliance
Sections 26(1)(a), 27, 31, 32, 36, 37, 38
Automatically scan the organization’s web properties and categorize cookies and similar tracking technologies. Build customizable cookie banners with the results to display banners, collect consent and provide a preference center to manage cookie preferences.
Privacy Policy and Notice Management
Sections 28, 42(3)
Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates.
Rights of Data Subjects Under Nigeria’s Data Protection Bill, 2022
A data subject is entitled to the following rights with respect to the processing of their personal data:
Right to Confirmation
The right to confirm, without constraint or unreasonable delay, whether the controller or a processor working on their behalf is storing or otherwise processing the data subject's personal information.
Right to Access Data
The right to access a copy of their personal data in a generally used electronic format without constraint or unreasonable delay, unless doing so would result in the data controller incurring unreasonable expenses, in which case the data controller may request the data subject to cover some or all of those costs.
Right to Correction
The right to correction of erroneous, out-of-date, incomplete, or misleading personal data, or erasure of such data if correction is not practical or appropriate, without any constraint or unreasonable delay.
Right to Erasure
The right to deletion of personal data without constraint or undue delay where personal data is no longer necessary or the data controller has no other basis for retaining the data.
Right to Restriction
The right to restriction of data processing, without constraint or unreasonable delay, until a request or objection from the data subject is resolved.
Right to Withdraw Consent
The right to withdraw his consent to the processing of personal data.
Right to Object
The right to object on grounds relating to their particular situation to the processing of their personal data.
Right Not to be Subject to Automated Processing
The right not to be subject to a decision based solely on the automated processing of personal data, including profiling, which produces legal or similarly significant effects concerning the data subject.
Right to Data Portability
The right to data portability entitles data subjects to get their personal information from a data controller in a format that will allow for easier reuse in various contexts.
Facts to Know About Nigeria’s Data Protection Bill, 2022
The Commission shall be responsible for implementing the Bill.
A data controller shall bear the burden of proof for establishing a data subject’s consent.
The Commission may impose fees or levies required to be paid by data controllers and data processors of major importance.
A data subject who is aggrieved by the decision, action, or inaction of a data controller or data processor in violation of the Bill, subsidiary legislation, or orders, may lodge a complaint with the Commission. A person who is not satisfied with an order of the Commission may apply to the appropriate court within thirty days after the date the order was made for judicial review thereof.
Under the Bill, the Commission may fine data controllers or processors of major importance for an amount up to, the greater of, NGN 10 million and 2% of their annual gross revenue derived from Nigeria in the preceding financial year.
- Data controller or processor of major importance refers to a data controller or processor that is domiciled, ordinarily resident, or ordinarily operating in Nigeria and processes or intends to process personal data of more than such number of data subjects within Nigeria as prescribed by the Commission, or such other class of data controller or processor that is processing personal data of particular value or significance to the economy, society or security of Nigeria as the Commission may designate.
For data controllers or processors other than those of major importance, the Commission may impose a fine for an amount up to, the greater of, NGN 2 million and 2% of their annual gross revenue derived from Nigeria in the preceding financial year.
A data subject who suffers injury, loss or harm as a result of a violation of the Bill by a data controller or data processor, or a recognized consumer organization acting on behalf of such a data subject, may recover damages by way of civil proceedings in the appropriate court from such data controller or data processor.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
Newsletter
Resources
Get in touch
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128
