The Nigeria Data Protection Commission (NDPC) has commenced an investigation into TikTok and Truecaller over suspected data breaches, aiming to ensure their compliance with the Nigeria Data Protection Act.
Vincent Olatunji, National Commissioner and Chief Executive Officer of the NDPC, stated this at a Press Conference in Abuja on Thursday.
Olatunji stated that the Commission had started assessing their compliance with data protection laws and would decide on appropriate regulatory actions based on its findings.
“As we speak, we have even gone to the extent of investigating multinationals. We are currently investigating TikTok and Truecaller in the area of data privacy”.
Read also: Nigerians up earnings from YouTube, TikTok as content creation thrives
“Depending on our findings, if they are able to go through remediation and do what is right, we are happy to work with them”, he said.
The Executive Officer revealed that when the Commission initially began monitoring compliance, only 4% of organizations adhered to data protection regulations.
He however noted that increased enforcement and stakeholder engagement had raised compliance levels to over 55%.
He explained that the NDPC does not impose immediate sanctions but adopts a remediation approach, which involves assessing breaches based on their severity, the number of affected individuals, and the potential impact on the economy.
He said that rather than announcing non-compliance outright, the Commission provides companies with specific corrective measures to address their shortcomings.
The Commissioner added that once a company was found to be in breach, it must maintain detailed records of its data processing activities and correct any identified failures. Organisations under scrutiny are monitored for a period of six months to a year to ensure full compliance.
He further stated that while the Commission is open to remediation, it won’t hesitate to take stronger measures if necessary.
At the Press Conference, the NDPC also introduced the Nigeria Data Protection Act – General Application and Implementation Directive, which provides guidelines to help data controllers and processors comply with the law.
Read also: TikTok restates commitment to users’ safety in Q3 2024 report
Olatunji said many organisations do not fully understand data protection regulations, leading to inadvertent breaches.
The directive, which will be available on the NDPC portal, is intended to provide clarity and reinforce the role of Data Protection Officers in ensuring compliance.
