MR Tunde Balogun is the Chief Executive Officer of Data Services Protection Limited (DSPL), a company that handles data protection. In this interview with BODE ADEWUMI, he speaks on the importance of data and security, among other issues.
RECENTLY, the Federal Government gave a directive to all MDAs to begin immediate compliance with Nigerian Data Protection Regulation (NDPR). What is your take on this?
The entire data protection industry was elated when the directive was issued. This is what we the stakeholders of ALDAPCON have been advocating and we must thank both the Minister of Communication and Digital Economy, Mr Isa Pantami and the pioneer National Commissioner of Nigeria Data Protection Bureau (NDPB), Dr Vincent Olatunji for bringing this initiative to fruition.
The biggest data controllers are government agencies as they handle personal data of not just entire citizens of the country but residents and visitors alike. Therefore, looking at the magnitude of personal data processing that occurs daily across each and every Federal Government agency up and down the country everyday in which non-compliance can lead to infringement on Nigeria citizens and residents data privacy rights, hence this call for NDPR compliance for all government MDAs is definitely welcomed and very important.
However, we still have loads of work to do before our members can start providing their services to the MDAs. We have to wait for the industry regulator, NDPB, to issue an implementation framework for the public sector, as this enforces implementation standards across the MDAs irrespective of the implementing DPCO and this also aligns with NDPB’ Strategic Roadmap Action Plan.
The data protection industry is at crossroads at the moment in terms of its legislation. I mean NDPR will be returned very soon and replaced with the Data Protection Act. Will there be any impact on this Federal Government’s directive?
I do not think there will be any impact especially in the key aspects of complying with data protection in our jurisdiction. The principles of data protection transcend both NDPR, the current legislation and the incoming Data Protection Act.
All data protection compliance steps revolve round the global set principles of personal data protection. The differences between NDPR and Data Protection Act are mostly outside the core principles and are things like enforcement, penalties, periodic filings of audits, etc.
ALSO READ FROM NIGERIAN TRIBUNE
So, what it means in practical terms for MDAs is that the compliance journey from NDPR to Data protection Act will be seamless and cumulative and will not reset back to zero or baseline after the Data Protection Act becomes the law.
Congratulations to Data Services Protection Limited (DSPL) as the consultant in helping Oyo win the most ICT-compliant state in Nigeria at the recent Digital Nigeria 2022 and I remember us speaking during the implementation last year in Ibadan. What was the experience of implementing a digital technology-compliant project in the public sector in Nigeria where adoption of digital services is sometimes seen as an impediment by public sector workers?
Thank you. DSPL also congratulates the good people of Oyo State on the award. This shows the consistency of our quality services and products. Remember we are an award-winning DPCO through our copyrighted NDPR-compliant visitors book, which won the most innovative NDPR product at NITDA privacy week in 2021.
Our experience during NDPR implementation and working with the government of Oyo State was very good. Our experience was contrary to one’s belief or assumption and this is mostly due to the uniqueness of DSPL implementing tools. All our NDPR implementing tools were developed with the inclusion of a very important variable or component, which is local knowledge.