By Ijeoma Olorunfemi
National Information Technology Development Agency (NITDA) has issued the Management of Personal Data by Public Institutions in Nigeria 2020 guidelines.
The guidelines was issued as a supplementary to the Nigeria Data Protection Regulation (NDPR) of 2019.
Its Head, Corporate Affairs and External Relations, Mrs Hadiza Umar, disclosed this on Monday in a statement issued in Abuja.
Umar said the guidelines were to enable the agency to implement its regulatory mandate.
“The guidelines stipulate the requirements for the processing of personal data by public institutions in Nigeria.
“It is issued to reinforce the implementation of the NDPR, while all the principles and provisions of the NDPR remain valid and applicable to all Nigerians including public institutions.
“The guidelines require all public institutions and any entity co-owned by the government to process all personal data of Nigerians and Data subjects in the country in line with best practices and highest standards.
“It takes cognisance of the fact that some public sector data processing may be founded on vital or public interest, so it requires public data controllers and processors to be ethical and professional.
“It also mandates the use of secure technology and automated processes for personal data by Public Institutions, in line with the requirements of the National Digital Economy Policy and Strategy,” she said.
Umar added that all public institutions holding and processing personal data were required to securely digitise all personal databases within 60 days from the issuance of the guidelines.
According to her, public institutions are required to maintain the highest level of information security to guarantee confidentiality, integrity, availability and resilience of all databases within their control.
She also recognised that there could be need for collaboration between the public and private sector to tackle emergencies or other state-led interventions for the benefit of citizens.
The official, however, said the guidelines provided a strict framework for such collaborations to ensure that the privacy of Nigerians was not unduly infringed.
“The COVID-19 pandemic, for example, has brought up the need for more personal data use to limit the spread of the virus.
“While we recognise the existence of constitutional limitations on privacy rights in the interest of public health and safety, such limitations must be based on defined frameworks.
“NITDA implores all concerned parties to comply strictly with the requirements of these guidelines and seek professional guidance from licensed Data Protection Compliance Organisations,” Umar said.
She aidd that the agency would ensure adequate compliance to the NDPR and other guidelines through monitoring, as well as sanction defaulting institutions as provided in NITDA and NDPR Act.
Umar urged all concerned parties to study the guidelines diligently, apply them accordingly and reach out to the agency for further clarifications.
She encouraged data processors and controllers to find available regulatory guidelines on the agency’s website: www.nitda.gov.ng.
The NDPR outlines the need to safeguard the right of natural persons to data privacy, fosters safe conduct for transactions involving the exchange of Personal Data, prevents personal data manipulation among other objectives.