The Nigerian Information Technology Development Agency will be issuing non-compliance notices to 100 Nigerian companies who failed for comply with certain processes of the Nigeria Data Protection Regulation of the agency.
The Desk Officer, e-Government Development and Regulation Department at NITDA, Femi Daniel, told The Punch correspondent on Tuesday that the companies, which operates in the financial technology sector, aviation and betting sectors, had failed to submit their initial data audit.
The NDPR, which was issued in January this year, was created to provide a clear framework for the security and privacy of Nigerians using, collecting, storing or transferring personal data.
Organisations in the public and private sectors were expected to have updated their privacy policies in line with the NDPR by April 25 and filed their initial data audit report by October 25, 2019.
“The first batch of 100 companies will be contacted in a few days. These companies include fintechs, betting companies, airlines among others. While NITDA desires to enforce the NDPR, we want to ensure that the requisite processes for justice administration are fully complied with to avoid unnecessary judicial backlash,” he said.
He said the agency had constituted a data breach investigation team, which was working with the Inspector -General of Police and other security operatives.
He explained that the investigation team had been saddled with the responsibility of examining cases of data breaches.
Daniel said till date, only 94 companies had fully complied with the NDPR while 200 firms had been granted extension to submit their initial data audit reports based on request they made to the agency.
“The DBIT is currently investigating five major cases of data breaches which have been reported to the agency. We are also issuing a notice of non-compliance to major data controllers who have not filed data audit report nor have sought extension of time to comply.”