DATA PROTECTION IN NIGERIA - A MODERNLY RELEVANT SKILL AND AN UNEXPLORED GOLDMINE FOR CAREER GROWTH.

In November of last year (2023), I came across an Instagram reel (shared by a friend). It was a video of Dr Vincent Olatunji speaking at an event by the Nigeria Nigeria Data Protection Commission- NDPC . For those who didn't know before now, he is the National commissioner and chairman/CEO of the NDPC/NDPB. In the video, he highlighted the following;

1. Certified Data Protection Officers (DPOs) in Nigeria today are not up to 10,000.
2. Over 500,000 businesses/companies exist, which are considered to be data controllers and processors. Each is supposed to have a DPO.
3. There is a huge talent gap of about 490,000 jobs waiting to be occupied.
4. There is an information/skill gap that exists. Many people aren't even aware of the opportunities that exist in this field of work.
5. The standard globally is THE SAME, being certified and knowledgeable in the field of GENERAL DATA PROTECTION REGULATION (GDPR) or DATA PROTECTION/PRIVACY makes one fit to work ANYWHERE! You can be a Nigerian based in Nigeria and be a DPO for a company abroad (remote work).
6. The sector of GDPR and Data protection/privacy has the potential to create more jobs, work and wealth for the country. It currently has almost half a million positions in the country waiting to be filled.
7. Sectors that require this skill set are; Banking, insurance, medical (hospitals), hospitality (hotels), education (schools), aviation and so on.

Based on the above information, I began to make my findings and discovered that truly the global standard is the same, you don't even need to get a university degree or college diploma to qualify as a DPO. Online courses, resources and certifications are enough for one to qualify as a DPO.

I enrolled for, completed and got certified in 2 courses on Udemy as follows;

1. Complete GDPR, GDPR Certification, data protection, privacy

2. CDPO Course 101: Certified Data Protection Officer

Some of the highlights of the courses for me are as follows;

1. I recall that during my days as a call centre agent in 2020 at iSON Xperiences - Smarter Empathic AI for airtel one of the telecom giants in the country, getting on "the floor" with your phones or writing materials was frowned upon. You had to leave everything you had on your person in your bag or in the lockers made available by management.
2. I concluded that being certified in GDPR and data protection/privacy goes well with the work with do as "M&E" / Monitoring, Evaluation, Research and Learning (MERL) practitioners, especially concerning the data we collect, collate, interpret, analyze and report on. This is because we have access to a lot of personal information/data from our respondents in the course of Impact Assessment.
3. This competence isn't restricted to the above fields only. Everyone in every field of work that is data-driven needs the knowledge (not just the certification). In my opinion, possessing this knowledge would count to us all as doing our "due diligence" as well as boosting our integrity levels, while also improving the reliability of the data we use/have access to and the final output of the data that we provide in the course of dispensing our duties.

VIOLATION of the GDPR

Let's delve into the punishments, fines and sanctions that exist for business entities found in violation of the GDPR;

1. Administrative Fines: Depending on the severity of the case;

- Up to €10 million, or 2% of the company's global annual revenue, whichever is higher.

- Up to €20 million, or 4% of the company's global annual revenue, whichever is higher.

2. Warnings and Reprimands: In less severe cases, supervisory authorities may issue warnings or reprimands to organizations found in violation of the GDPR.

3. Data Processing Restrictions: Supervisory authorities have the authority to impose restrictions on an organization's data processing activities if they determine that the processing is not in compliance with the GDPR.

4. Orders to Rectify, Erase, or Restrict Processing: Authorities can issue orders requiring organizations to rectify inaccuracies in personal data, erase data, or restrict processing activities if they are found to be non-compliant with GDPR requirements.

5. Temporary or Permanent Bans on Data Processing: Supervisory authorities may impose bans on an organization's data processing activities. This can severely impact the organization's ability to conduct business, especially if data processing is integral to its operations.

6. Legal Actions and Civil Damages: Individuals affected by GDPR violations may also have the right to seek legal remedies, including compensation for damages suffered as a result of the violation.

7. Loss of Trust and Goodwill: I feel like this is worse because disgruntled, existing or potential clients would be sceptical when it comes to dealing with such a company found in violation and would think twice before consenting to or releasing personal data.

Businesses need to understand and comply with the GDPR's requirements to avoid these penalties and sanctions. Compliance efforts typically involve implementing robust data protection measures, conducting regular audits, providing employee training, and maintaining documentation of data processing activities.

The above sanctions apply to companies located in the European Union (EU) and those outside the EU but with access to data on EU citizens despite not being physically present in the EU. They are quite hefty and scary, so I advise all organisations that fall into the category of data controllers and processors to take time to acquaint themselves with all that there is to know about GDPR and Data Protection/Privacy.

WHY DID I PUT THIS ARTICLE TOGETHER?

1. To inform, arm and equip you. You can add this certification to your personal development/career growth checklist.
2. So you can get ahead of others and acquire the skills necessary to take up the available jobs.
3. So that you can save yourself and your employer/organization from a lot of potential damage that could occur as a result of ignorance (which is no longer an excuse).
4. To let you know that I am open to teaching more in-depth knowledge about GDPR and Data protection to individuals and whole organizations so that you and your staff can be well-equipped. You can contact me for speaking engagements.
5. To hear your thoughts on this sensitive matter of data protection and privacy in a country like Nigeria.

All there is to know about the topic can not be covered in this article, so I would love to organize a learning forum/community where issues around GDPR are dissected for proper understanding, I'm open to answering questions on the topic, as well as more learning, joint/collaborative research and coming up with a curriculum on GDPR and Data protection/privacy as it relates to Nigeria and Africa. All I have learned so far (the 2 courses) are GDPR as it relates to the EU.

Thanks for your time.

#NDPC #DataProtection #DataPrivacy #PrivacyProtection #GDPR #NDPB #NigeriaDataProtectionLaw #NDPA #DataProtection #data #law #nigeria #MERL #MonitoringAndEvaluation #ImpactAssessment #DPO