April 2, 2020
On 30th March, 2020 the National Information Technology Development Agency (“NITDA” or “the Agency”) notified all Data Protection Compliance Organisations (DPCOs) that the Agency has extended the deadline for filing the mandatory Data Protection Audit Report by Data Controllers to 15th May, 2020.
This Notice applies to organisations that have already applied for extension through their DPCOs and to others that may apply for an extension through their DPCOs before the filing deadline of 15th May, 2020.
The obligation to conduct a self-audit and file a Data Protection Audit Report is a requirement under Paragraph 4.1.5 of the Nigeria Data Protection Regulation 2019 (NDPR) which requires Data Controllers to conduct a data protection audit and file an audit report with the Agency. Data Controllers are also required to conduct this audit and file the audit report through a licensed DPCO. NITDA has now extended the filing deadline to 15th May, 2020 for organisations that applied or will apply for an extension.
Furthermore, the Notice advises DPCOs to suspend visits to client sites and NITDA offices as part of the precautionary measures in tackling the global COVID-19 pandemic.
Organizations that are yet to comply with the mandatory 2019 self-audit now have a window to apply for an extension of time to conduct the audit and file the report. However, this application can only be made through a licensed DPCO. Such organizations are therefore advised to take advantage of the extension window as this will also enable them enjoy the exemption from filing the 2020 annual audit, which has been granted to companies that have filed the 2019 mandatory self-audit. Additionally non-compliance could result in sanctions under the NDPR, including fines of up to 2% of the organization’s gross revenue for the preceding year and other civil or criminal action against the organisation. In taking advantage of this window, companies and their DPCOs, are advised to ensure strict compliance with all safety measures imposed as a result of the COVID-19 pandemic. Also, since some states are currently under the lock down imposed by the Federal and State Governments, which restricts movements and has led to closure of offices, companies may adopt alternative methods, such as online interviews and remote review of documents to ensure they conclude the audit and send in the reports to NITDA by the 15th May, 2020 filing deadline.