On 25 January 2019, the National Information Technology Development Agency (“the NITDA”) issued the Nigerian Data Protection Regulation (“the Regulation”) to regulate organisations that collect and process personal data (“Data Controllers”).
The Regulation mandates Data Controllers, who process the personal data of more than 2,000 subjects, to submit a summary of their organisation’s data protection audit not later than March 15 of every year.
The NITDA in a recently issued directive, recognised the disruption that the coronavirus pandemic (COVID-19) is having on businesses and has extended the deadline for the submission of 2019 annual protection audit report from March 15 2020 to May 15 2020.
It is expected that companies and organizations who are yet to submit the annual audit report will take all necessary steps to meet the new submission date of May 15, 2020, to avoid the imposition of sanctions under the Regulation and the NITDA Act.
Compliance can be done by engaging a licensed Data Protection Compliance Organization (DPCO) to review data collection and processing activities and to carry out the necessary measures for complying with the Regulation.