What is Data Protection?

It is a practice that guarantees data collected is categorized, controlled, handled with care and in tandem with the provisions of laid down laws and regulations.

Data Privacy and Protection Laws

Section 37 of the 1999 constitution of Nigeria makes data protection a constitutional right. It provides that “The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.”

In 2019, NITDA (National Information Technology Development Agency) whose duty is to develop, regulate and advise on Information technology in the country through regulatory standards, guidelines, and policies, released a data protection regulation called NDPR (Nigeria Data Protection Regulation) and it is the principal data protection legislation in Nigeria.


The biggest invention of the 21st century is “The Internet” and this contributes greatly to the giving away of personal data or information.

The social media must be awarded the grandest platform and accessory through which information is dispensed quickly. The amount of personal data released through social platforms is sensitive enough to be exploited to defraud users for economic gain.

It is therefore salient for these data to be protected. You should be able to decide what information you want to share and who has access to it. The social media algorithm can suggest posts to you like what you find pleasure in, and this is due to personal information collected as seen in your searches and likes etc.

Accusations of wrongly collected data over the years inspired the immediate need to protect data and brought about the implementation of the EU General Data Protection Regulation in 2018 and subsequently Nigeria through NITDA released NDPR in 2019 but before the NDPR, The 1999 constitution enforced cases of data breaches.

Data protection regulation is now globally recognized, and it exudes trust from a country for international relations and business opportunities since the world is now digitally driven. Investors, clients/customers locally and internationally will feel a sense of security to know that there are regulations which works to protect data or information shared while doing business.

Organizations explore the internet as a tool for marketing business strategies to reach their customers and in the process, data is exchanged. Names, bank details, medical information, pictures, email address and even home addresses are shared virtually.

This exchange has become a common trademark in this information age and for businesses. The objective is to collect client/customer data for competitive market advantage.

What the Law says

NDPR requires that all such collection must have been with the lawful consent of the clients and kept protected and not open to risks.

Under the NDPR, any organization that aspires to abide by regulatory requirements MUST engage the services of licensed professionals certified by NITDA to provide services for data control. These professionals are called DPCOs (Data Protection Compliance Officers) they provide technical services and file audit reports on behalf of organizations to NITDA.

Organizations in a business that requires the collection of data must do so with the consent of their client and the reason for collecting such data or information must not be in doubt but in accordance with NDPR guidelines.

A Case of Privacy Invasion

A Case of Privacy Invasion

Nigeria as a case study has experienced some privacy invasion as seen in the recent case of Soko Lending Company Limited aka Soko Loans, an online lending company, they reached out to contacts of their debtors to recover borrowed funds. Soko Loans grants its customers loans without collateral, but you will download their mobile application on your smart phone and activate a direct debit in Soko’s favor. When their clients fail to remit, they go for their contacts, they have access due to trackers embedded in their mobile application which shares data without providing such information to their clients prior to doing business.

NITDA imposed a fine of 10million Naira on soko loans for privacy invasion.

Our laws on data protection have completely weakened this type of loan recovery method.


The regulations to run a healthy business are there, and every organization must engage DCPOs, and explore the services of legal practitioners, Certified Fraud Examiners to guide on due diligence, protection of clients’ personal data, defamation of character whilst carrying out their daily business activities if data and information collection is one of your objectives.

Your data is your asset, and you must take every step to protect it and in compliance with regulations.

Damilola Atiri LLB. BL. CFE

Advisory Services Manager

RabloWoods Professional Services Limited

Leave a comment

Your email address will not be published. Required fields are marked *

Open chat
Want to Become a Certified Fraud Examiner ?
Attend our next CFE exam review course and become a Certified Fraud Examiner in December 2021. Registration is Ongoing!
       Register Now for the CFE Exam Review Course Second Cohort.
     Date: December 3-5 & 10-12, 2021.
* we never share your data with third parties.