DP 101 – An introduction
Data protection refers to the protection of data from unauthorised possession and use.
The term data has a more restrictive meaning within the context of data protection. Data protection is particularly concerned with the security of personal data. Personal data – also known as personally identifiable information – is any information that that can be used, independently or in conjunction with other information, to identify a natural person (human being). Accordingly, the names, residential addresses, phone numbers, dates of birth, bank verification numbers, email addresses, and identification numbers (among other identifiers) of individuals qualify as personal data. Conversely, the address, official email address or incorporation number of a company, for instance, would not qualify as personal data, since a company is a juristic (non-human) person.
Protection of personal data gained global traction in 1981, when Convention 108+ (Convention for the protection of individuals with regard to the processing of personal data), which was developed by the Council of Europe, opened for signature. Data protection has its foundation in the enforcement of privacy rights, recognised as part of human rights by the law of nations and the domestic laws of most countries.
More recent discussions around privacy and data protection have sparked the development of the General Data Protection Regulations (GDPR) by the European Union in 2016. It is arguable that the development of the GDPR
may have been triggered, or hastened, by egregious instances of misuse of personal data of individuals, mostly by big data organisations. The GDPR, which came into effect in May 2018, contain detailed provisions regulating the collection, use, and storage of personal data collected by businesses and entities, as well as far-reaching penalties for breaches of data rights crested for the benefits of data subjects (individuals).
In Nigeria, Section 37 of the 1999 Constitution (as amended) guarantees the right of Nigerian citizens to privacy, including the privacy of communications and conversations of such citizens. To further reinforce this fundamental right, the National Information Technology Development Agency (NITDA), which was established in 2007 by an Act of the National Assembly, developed the Nigeria Data Protection Regulation (NDPR) in 2019 to regulate the collection and processing of personal data. The NDPR has detailed provisions and has improved Nigeria’s reputation as a country with good data protection regulatory and enforcement framework. That said, the NDPR has also imposed mandatory obligations on entities that collect, use, and/or store personal data of Nigerian citizens and residents (effectively, all entities).
We will explore the governing principles of data protection (as enshrined in the NDPR and GDPR), the rights of individuals under those regulations, as well as the many obligations of entities that collect, use and/or store personal data, in subsequent parts of the snapshot series.
NICCOM LLP is a licensed Data Protection Compliance Organisation (DPCO), and can provide data protection compliance audit services, as well as other related services required by businesses. As a law firm, we are positioned to proffer legal advice on the impact of the NDPR to your organisation and suggest recommendations on process improvement, where necessary.