Data Protection Audit Compliance: Nigeria Gives MDAs, Corporate Entities Till October 2019
The National Information Technology Development Agency (NITDA) has granted a three-month extension for the conduct of the initial audit report for every data Controller and Processor in the country.
This extension period, LawyardNG reports, would lapse on Friday 25th October 2019.
The Director-General of NITDA, Dr Isa Ali Ibrahim (Pantami) confirmed that the extension was an offshoot of series of consultations with various industry and government stakeholders on the implementation of the Nigeria Data Protection Regulation (NDPR).
According to the DG, the stakeholder specified that the NDPR is an appropriate regulation that would help provide clarity for data controllers and processors on the rights of data subjects, the basis of processing personal data and transfer of data outside Nigeria among others.
The Statement reads: “NITDA is pleased to note that stakeholders including other Sector Regulators, Government, Banks, Industry groups, Private Sector players among many others, have shown tremendous willingness towards compliance with the NDPR.
“Consequently, Article 4.1(5) of the NDPR requires Data Controllers to submit an initial audit report within six months of issuance of the Regulation (which lapsed on 25th July, 2019). Several Data Controllers have appealed for an extension of time to meet this obligation.
“Therefore, NITDA is hereby granting a three-month extension for the conduct of the initial audit report for every data Controller and Processor.
“This extension period would elapse on Friday 25th October 2019.
“This extension of time for the purpose of audit filing does not limit NITDA’s right to investigate and enforce other allegations of the breach made against any Data Controller or Processor pursuant to the NDPR and the NITDA Act 2007”.
NITDA is a Federal Government Agency established in 2001 to implement the Nigerian Information Technology Policy as well as coordinate general IT development and regulation in the country.
Specifically Section 6(a,c) of the Act mandates NITDA to- create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria and develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields.
Privacy Nigeria is Nigeria’s foremost data protection experts, we service entities, firms and internet intermediaries seeking to comply with data protection regulations such as the GDPR, HIPAA, NDPR amongst others.