Friday, 29th March 2024
To guardian.ng
Search

Data protection experts identify bottlenecks to NDPR implementation

By Chike Onwuegbuchi
31 July 2020   |   4:18 am
Released last year, Nigeria Data Protection Regulation (NDPR), clearly stipulates requirements for data collection, processing and defines how the data should be held and the ability to be used by third-parties.

PHOTO: Shutterstock

Released last year, Nigeria Data Protection Regulation (NDPR), clearly stipulates requirements for data collection, processing and defines how the data should be held and the ability to be used by third-parties.

This is a first step in ensuring safety of all users of the web.

The inclusion of hefty penalties for various cyber related crimes is also a key milestone in deterring cyber criminals and ensuring compliance with the law.

However, as laudable as the law appears experts have identified obstacles that if not addressed could make the regulation ineffective and of no value.

Brencil Kaimba, senior Cybersecurity Consultant Product Strategy and Development at Serianu, said that, putting policies and hefty penalties does not guarantee compliance or overall safety of the general public. “Comprehensive security has to consider People, Process, Technology and Policy.

“Laws only take care of the policy bit. A lot still needs to be done for People (particularly awareness, understanding the contents of the laws and their rights), Process (putting the right infrastructure for reporting and prosecuting these crimes) and Technology (equipping the law enforcement with the right tools to identify and proactively detect non-compliance),” he said.

He however, identified major envisaged obstacles to the implementation of NDPR which includes; Low awareness in the country. According to him, “to address this, regulatory bodies will have to embark on nationwide awareness campaigns aimed at helping citizens understand the contents of these laws, process of identifying these crimes and how to report these to the police. Law enforcement training will also help equip police and prosecutors with the skills to identify cybercrime, obtain evidence and prosecute”.

He decries absence of infrastructure for identification and implementation of the law. “To implement data protection requirements, organisations need to have capabilities (either in house or outsourced) for data protection assessment, reporting etc. These are skills that were previously not existent. There is still need to acquire tools to identify non-compliance, monitoring infrastructure, audits etc. To address this, regulators together with data processors and third parties need to invest in proper technologies and or processes for monitoring both compliance and non-compliance to these laws.”

Corroborating Kaimba, Engr. Olusola Teniola, President, Association of Telecommunications Companies of Nigeria (ATCON) which recently opened an engagement with National Information Technology Development Agency the proponents of NDPR on the enlightenment of its members on the regulation, said: “the biggest challenge is lack of skills sets and knowledge in the area of Data Science, Analytics and BIG Data to be able to ensure that an individual internet user’s personal data is truly secure.

“The complex nature of the Internet and other enabling social media platforms is evolving at vast speeds and this then places an additional burden on not only NITDA to acquire personnel that have these requisite skills but also the judiciary and other enforcement agents that NITDA will need to work alongside in order to effectively enforce the NDPR in its true spirit.

“The whole essence of NDPR and Cybersecurityviz-a-vie protection is to ensure users of the World Wide Web and their data is treated in a manner that provides confidence to the consumer that their personal data information is not unduly exposed to 3rd party data abuse or outright fraud.

“In the spirit of this the NDPR provides guidelines, procedures and processes that should be adopted to ensure that the principles of a fair and neutral Internet are available to all citizens of Nigeria. Furthermore, the regulation with an act/law backing it up will promote an environment similar to the way the current Data Protection Act is observed in the handling of information in our present operating environment”.

0 Comments