On 25 January 2019, the National Information Technology Development Agency (“the NITDA”) issued the Nigerian Data Protection Regulation (“the Regulation”) to regulate organisations that collect and process personal data (“Data Controllers”).
The Regulation mandates Data Controllers, who process the personal data of more than 2,000 subjects, to submit a summary of their organisation’s data protection audit not later than March 15 of every year.
The NITDA, in an earlier directive (here) and in recognition of the impact of the COVID-19 pandemic on businesses, extended the deadline for the filing of the audit report for 2019 from 15 March 2020 to 15 May 2020. The NITDA has now further extended the deadline from 15 May 2020 to 30 June 2020.
It should be noted that unlike the first extension to 15 May 2020, which only applied to organisations that had earlier requested for an extension of filing of audit report, this extension to 30 June 2020 applies to all organisations regardless of whether or not they have submitted an application for extension to the NITDA.
It is expected that organizations who are yet to submit their annual audit reports will take all necessary steps to meet the new submission date of 30 June 2020, to avoid the imposition of sanctions under the Regulation and the NITDA Act.
We may yet witness further extensions on the basis that businesses are yet to return fully in light of the COVID-19 pandemic. We will continue to monitor the space and provide updates.