Michael Irene, Managing Partner of Mirene Global Consults in this interview with BusinessDay’s Frank Eleanya, speaks about data protection and administration in Nigeria. He also speaks on the impact of the Nigeria Data Protection Regulation on businesses and individuals.
Tell us about your company?
Our company provides a complete range of data protection, privacy services, and cybersecurity services to companies. These services include gap analysis, incident response management, security risk management, identity and access management, data protection impact assessments, and data protection officer as a service. Our services and solutions allow small and large organisations to grow their profits, manage information in their possession well, and give them that global modern competitive edge.
Can you explain how your company takes on the task of helping companies with their business procedures to ensure that they are protecting the freedoms and rights of their customers?
That’s quite simple. Through our services, which I mentioned above, we help companies ensure that they protect the freedom and rights of their customers. Not only that, by building the right data privacy framework for our clients, we prevent them from data privacy breaches, engender trust in their customers and protect their reputation. Our business is much more than ensuring that companies comply with these data protection regulations. It is also about ensuring that we help them build a sustainable business that is locally and internationally recognised.
What are the incidences that prompted regulations such as the General Data Protection Regulation(GDPR)?
Many incidences prompted GDPR. If you dig deep into the historical underpinnings of data protection, it dates back to the United Nations Human Rights Declaration immediately after the Second World War. There was an increase in the care of personal information of Europeans. After that, there was a convention opened for signature in 1981, which was the first legally binding international instrument in the data protection field. After that, there was the introduction of the Data Protection Directive, which eventually lead to the promulgation of the General Data Protection Regulation. So, data protection, in Europe primarily, built traction from the late 40s.
Read Also: Nigeria’s streaming industry booms but data cost slows growth
Could you shed some light on the NDPR policies and the current data protection bill?
The Nigerian Data Protection Regulation, to summarise, basically proposes to give Nigerian citizens the right to be in charge of their data. It presents basic principles that some companies must abide by when processing data. Some of these principles include transparency, fairness, and limiting the purpose when processing data.
So, what should an ordinary citizen know about Data protection, and how are they affected?
They should know that there is a regulation that is in place to protect their personal information. They should also know, most importantly, their fundamental rights under the new Nigerian Data Protection Regulation. They can ask companies before they pass out their information, how long the company will hold their information if the company passes their data to a third party. They can ask for their data to be deleted by a company. There are certain rights that Nigerian citizens now have when it comes to their personal information.
How will this affect Nigerian companies that process private data?
The trend in global privacy is to endow data subjects with greater control over their data and require increased transparency regarding how organisations communicate to data subjects about the ways they process the data subjects’ subjects’ data. I think this will help companies build business processes that respect the rights and freedoms of Nigerian citizens. More specifically, it would make companies more competitive in that it will give them that look of taking their customers seriously and build trust.
It will be critical for your organisation’s brand to handle data subject access requests in a way that engenders customers’ trust. Organisations that are responsive and have sound processes will come to view each interaction with a data subject as a trust-building exercise and an opportunity to improve how their organisation is viewed internally and externally.
Does the NDPR affect public institutions?
Yes, it does. It affects any institution that processes information. By processing, I mean storage, deletion, or even accessing information. Public institutions process personal data daily. Therefore, Nigerian public institutions must have the technical and organisational measures in place for the management of this information.
Do you think Nigerian organisations have the right resources to safeguard private data?
Nigerian companies have the resources it takes to safeguard personal information. I don’t think some of them care about information management. But, the ones who care about their business ensure that there are processes in place and more importantly, that they have the right technology to secure and manage the information in their possession. A lot of Nigerian companies have these capabilities, and I am sure with the proper guidance, they can build data protection sensitised organisations.
Is there anything Nigerian citizens can do to protect their data?
They should know that they have certain rights as proposed by the new Nigerian data protection regulation and this includes asking companies who they’ve shared information with to delete their information or make some correction to their data. They should also be able to make complaints if they think a company is mishandling its data.
