CYBERSECURITY, DATA PROTECTION AND REGULATIONS
“The inevitable migration of persons, enterprises and organisations to the internet is rapidly evolving into the status quo across the globe as the daily functions of individuals and entities are being converted from their conventional terrestrial locations into a totally new regime of operations in the extraterrestrial space. Accompanying this shift are a myriad of challenges including regulations, which play a pivotal role in establishing the industry practices and processes on a new order founded on laws and rules that govern this novel realm of cyber technology.”
By Oladipo Fola-Alade
REGULATIONS.
The Nigeria Data Protection Regulation (‘NDPR’), issued by the National Information Technology Development Agency (‘NITDA’) in January 2019, has now become the regulatory legislation and authority that administers the disruption that has occurred in the mode of operations, management and processing of personal information, the protection of data and cybersecurity in this contemporary order.
Since natural persons are the primary data subjects within the general ecosystem, personal information has become more sensitive and vulnerable, hence the keen concern of the regulatory authorities about its conservation. It follows therefore that the security and control of processes and the proper protection of their data inter alia become the main focus for ensuring regulatory compliance at all levels amongst government, organisations and individuals.
GOVERNMENT’S OBLIGATION
Government in particular owes its subjects an obligation to bring them up to speed on the expectations and requirements of the regulatory authorities in order to assist them to comprehend and optimize the benefits available to them within the complex web of people, processes, technology and the regulations.
To achieve this objective, data subjects, as well as the data collector and data processor organisations who are the primary internet users, are being guided into the expectations of regulatory compliance through a Draft Implementation Framework (“Draft Framework”), to aid their navigation of the provisions of the NDPR, to the intent that it might yield productive results for stakeholders as against neglecting them to become victims of regulatory sanctions. Some pathfinding beacons to assist this course include:
1. Appointment of Data Protection Compliance Officers (DPCOs)
Pursuant to the provisions of the Draft Framework by NITDA, all data collecting and data processing organisations operating on the internet must carry out an audit of their data protection practices, which would be conducted by DPCOs that have been duly accredited and licensed by NITDA, as published on the NITDA website. The DPCOs will also assist with the capacity development and upskilling of these data collector and data processor organisations in compliance with the NDPR or parallel foreign regulations.
2. CONSENT
The express consent of data owners/subjects is now required, in strict compliance with the NDPR, before collector or processing organisations can engage their personal information or data for their use online. Consent must be expressed and not assumed.
- NON COMPLIANCE AND SANCTIONS.
Data Controllers who process under 1,000 and over 2000 data subjects must submit an audit report to NITDA by the 15th of March annually, failing which they risk a penalty of at least N2,000,000 (two million naira) and N10,000,000 (ten million naira) respectively. The regulation also encourages collector organisations to make voluntary submission of their data protection records for analysis, not only to ensure adequate and sustained evaluation of data, but also to avoid being the victims of cumbersome sanctions.
- CYBER CRIME AND CYBERSECURITY
Apart from the monitoring of organisations to identify breaches, or the imposition of administrative sanctions, NITDA will embark on the investigation of complaints and the pursuit of criminal prosecutions as the need arises. The watch cuts across borders, even on the frontiers of drug trafficking, human trafficking, terrorism, organ trafficking and other dark web related cybercriminal activities. Where breaches of data protection occur, or when cybersecurity compromises are such that they threaten national security, NITDA will obtain the consent of the Attorney General of the Federation in compliance with the NDPR to prosecute such cases.
- JURISDICTION COMPATIBILITY
The consent of the office of the Attorney General of the Federation is also required where data is sought to be transferred outside of the jurisdiction, in order to ensure regulatory compatibility with them abroad.
PROACTIVITY.
The unique value that is expected from government, given the foregoing initiatives of NITDA in leveraging the Draft Framework into a better comprehension of the NDPR, is to facilitate, promote and establish a clearer understanding of the intents and purposes of both the NDPR and NITDA by the industry stakeholders.
The Lagos State Government needs to take responsibility for its citizens within the workings of the tech industry with a view to attaining not just a safe and secure industry, but also to stimulate the overall prosperity of its users, controllers and operators, by complementing the efforts of NITDA in the following manner:
- Set Up Parallel Agencies that will encourage awareness of, train and develop stakeholders including but not limited to data subjects, data controllers, processors and the like. There is an urgent need to motivate all players in the ecosystem both into conformity with and innovations to regulations in this highly dynamic and rapidly evolving extraterrestrial order.
- Promote Legislative Advocacy that will attend to and address the peculiar needs of the citizens of Lagos State with regard to cybertech, and secure and protect their interests via subsidiary legislation, especially because of the unique position that it occupies as the technological eco-centre of Africa.
- Protect Its User Citizens From Technological Imperialism by ensuring that the influx or transfer of data and information, and indeed the peculiar dynamics of cross-border transactions, beyond compatibility, do not encourage a servitude, enslavement or neo-colonisation of its citizens and governments, hence a call to action on the State Attorney General for a keener legal technological vigilance and due diligence in all foreign transactions, both prospectively and retrospectively.
- Close Monitoring of Criminal and Civil Breaches that compromise the security and safety of the state and its citizens through the dark web, etc., requires dedicated attention and initiatives outside of the box.
- Optimizing Opportunities for Internally Generated Revenue. Whether by taxation of enterprise or proceeds of sanction, appropriate mechanisms for harnessing the resources from the vast and versatile economic potentials and opportunities in the cyber tech world must be prioritised by government.
In conclusion, the regulation of the operations, the people, processes and the technology of the cyberspace requires a deeper knowledge and understanding to enable it to function at a frequency of productivity borne more out of wilful compliance by the stakeholders than by compulsion of sanctions. The Lagos State Government in particular needs to complement NITDA in its effort to give life and force to the NDPR in a bid to ensure effective protection of data and the personal information of data subjects.
Strengthening cybersecurity on both the civil and criminal fronts is a task that goes beyond the activities of data controllers and processors only. The state government, through Special Assistants, Consultants, and Legal Tech experts, will need to work hand in hand to deliver the laudable results contemplated by the NDPR under the watch of NITDA.
OLADIPO FOLA-ALADE
Legal Practitioner & Legal Tech Consultant.