By Chibuzo Ukaibe, Abuja
A certified General data protection regulation (GDPR) expert, Mr Alexander Lana has decried the reluctance of the federal government institutions to comply with the Nigeria Data Protection Regulation, (NDPR), warning that such negligence could expose the country to risks associated with cyber-attacks.
Lana, who has over 20 years experience in the formation technology (IT) industry, spoke against the backdrop of the recent unveiling of federal institutions that have complied with the Data protection protocol designed by National Information Technology Development Agency (NITDA).
He said it was shocking that key federal institutions that handle large amount of data are yet to comply with the data protection protocol.
Recall that the Nigeria Data Protection Regulation was initiated in January last year by the National Information Technology Development Agency (NITDA). Over 60 licensed Data compliance organisations were endorsed by NITDA to enable government and private institutions become compliant with the protection rules.
Worried by the absence of some federal institutions on the recently released list, he noted that such low compliance can adversely impact the realisation of the gains of digitisation.
He said “the recent release of the list of Organisations that have complied with the Data Protection regulation by NITDA on its website is very insightful. One would have thought that most, if not all, federal government owned-institutions, would have keyed into this critical regulation, considering the large amount of personal identifiable information they control.”
Mr Lana added that more needs to be done by NITDA to enforce a compliance deadline as well as a stringent penalty or even a closure.
“The lack of understanding on the importance of data processing is concerning to me. There’s a window of opportunities to correct this now whilst the world is currently under a pandemic. NITDA must put the tools out for organizations to adhere to and start running multiple training sessions immediately.
“Is it not worrisome that institutions like the Joint Admission and Matriculation Board (JAMB), Federal Airports Authority Of Nigeria (FAAN), Nigeria Universities Commission (NUC), National Hospital and Federal Medical Center, Jobberman and the health sector are among others missing from such a list,” He asked?
He said it is disturbing that government-owned institutions seem not to comprehend the magnitude of risk they expose the nation to by failing to ensure that enormous data in their custody are properly protected.
While he hailed the federal government for being proactive with regards to protecting data by initiating the regulation in line with world best practices,
He noted, “We are at a time when need for data protection isn’t just a luxury but an absolutely necessity as many organisations are actively involved in gathering data.
“However, we have never been more vulnerable now than ever before. If data gets into the wrong hands a-lot of damage can be done with it. A lot of individuals have been destroyed because their data got into the wrong hands not to talk about our reputation globally regarding 419 activities and yahoo boys syndrome. We are better than this and we should be doing a lot more in my opinion.
“That is why we are concerned that despite the regulations by NITDA to ensure data is protected, many organisations, especially sensitive Ministries, Department and Agencies (MDAs) who handle sensitive data are yet to undergo the process of ensuring that data under their custody are properly protected in line with the rules.
“We are aware that sanctions where spelt out for defaulting establishments but must we keep waiting until a major crisis happens before those organisations sit up?” I truly believe NITDA should go after this organizations with trained task forces to ensure compliance are taken seriously.
On Nigeria’s data protection readiness, he said “Nigeria is on track but the gaps are becoming a concern to me. The data protection regulation by NITDA, was fashioned after that of the EU. I’ll like to see more information out there about data protection and immediate basic measures adopted immediately. I can see the problems ahead now but we can control it if these measures adopted.
“And NITDA have ordered federal government MDAs to be compliant with it even as there are sanctions for none compliance. Data compliance organisations licenced by the NITDA have been deployed to help organisations become compliant. But many organisations are not complying and this a shame. This is not just sad but deeply worrisome,” he said.