Complying with the NDPR- Data Security

In order to reduce the burden of NDPR compliance on ESET customers, ESET is offering 1 year free license to existing users of ESET Endpoint Protection Solution, provided such organisation add any of the solutions mentioned in this article at next renewal in 2020 (T & C apply, contact ESET at sales@esetng.com to learn more about the offer)


NDPR
NDPR

If you are an organization- public or private and operate in Nigeria, the Nigeria Data Protection Regulation (NDPR) and the digitization of the database of all organization holding or processing personal data, almost certainly affects you.

These requirements are already in force, and its implications are complex and the potential penalties for non-compliance is severe. Encrypting data and creating an additional authentication for data accessibility that you hold is one way to help you meet the new data security rules. In this article, you will learn of how ESET can take you one giant step further on your way to be NDPR compliant, with minimal effort!

What is NDPR?

The National Information Technology Development Agency (NITDA, hereinafter referred to as the Agency) is statutorily mandated by the NITDA Act of 2007 to, inter alia: develop Regulations for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour and other fields, where the use of electronic communication may improve the exchange of data and information.

NITDA introduced The Nigerian Data Protection Regulation {NDPR} and enforced its compliance from January 2019 as the new requirement on collection and processing of personal data and requires such activities to be in accordance with a lawful purpose consent by the Data Subject.

Due to this, Organisations have been mandated to put compliance measures in place within the first year of the regulation.

Compliance with this regulation will impact Data Protection Governance, Information Systems & Security Configuration, as well as Documented Policies & Processes.

The objectives of the regulation are as follows:

  • To safeguard the rights of natural persons to data privacy;

  • To foster safe conduct for transactions involving the exchange of Personal Data;

  • To prevent manipulation of Personal Data; and

  • To ensure that Nigerian businesses remain competitive in international trade through the safe-guards afforded by a sound data protection regulation.

NDPR applies to all storage and processing of Personal Data conducted in respect of Nigerian citizens and residents and it covers transactions intended for the processing of personal data and to actual processing of personal data and person(s) residing in Nigeria or residing outside Nigeria but of Nigeria nationality.

Unlike the EU’s General Data Protection Regulation (the GDPR), NDPR is not enforced on persons and organizations outside Nigeria that collect, store, or process data of persons in Nigeria.

Potential Consequences for Non-Compliance with NDPR

The maximum penalty for breaches of data privacy rights on international transfers can be up to N10M or 2% of annual gross revenue of the preceding year, whichever is higher and based on the number of Data Subjects dealt with. Other massive losses that non-compliance could cause are reputation damage and Prosecution of principal officers in the event of a severe data breach.


Compliance Requirements:


The NDPR regulation requires that Data Controllers and Data Processors:


  • Engage a Data Protection Compliance Organization (DPCO) to perform a Data Protection Audit and file a report with NITDA within the stipulated timeline

  • Designate a Data Protection Officer (DPO) who will be responsible for driving NDPR compliance initiatives within the organization

  • Document and publish a data protection policy in line with the requirements of the Data Protection Regulation

  • Ensure continuous capacity building and training for Data Protection Officer and other personnel involved in processing personal data

How ESET helps organization to comply with the data protection regulations

The Regulation is aimed at impacting Data Protection Governance, Information Systems & Security Configuration, as well as Documented Policies & Processes which are the core functionality of some ESET Business solutions.

Example of such solution is Safetica, a Data Loss Prevention, Productivity Management and Data Classification solution that protects organisations from expensive data leaks and also drives absolute productivity.

ESET Secure Authentication is a powerful multi-factor authentication solution that helps in the compliance of the recommendation by the regulation, and satisfy many of the regulatory requirements by creating an additional layer of security while preventing unauthorized access to networks and personal data in the database.

Another key compliance enabler is ESET Endpoint Encryption, with this premium encryption solution, organisations will be able to safely and easily encrypt data- hard drives, removable media, files and email, boost information security and comply with the NDPR.

How ESET encryption solution works to help comply with the NDPR.

By securely encrypting the personal data records of public and private organisations, the organization and business can then protect itself in the event of a system breach. That’s because such incidents are much less likely to be regarded by regulatory authorities as a compliance failure if the data is properly encrypted.

ESET Endpoint Encryption uses a combination of public and private keys to make encryption as simple and powerful as possible for organizations of all sizes.

ESET solutions are powerful and easy to deploy. To learn more about our ESET business solution portfolio, kindly visit www.esetng.com or click here


Please find the relevant links below for more information regarding NDPR and email sales@esetng.com for enquiries.

NDPR FRAMEWORK

TAKE A COMPLIANCE TEST

HOW CAN ESET HELP?

About ESET

For more than 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET is the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com , email us info@esetng.com or follow us on LinkedIn, Facebook, and Twitter.

Recent Posts

Search By Categories
No tags yet.