May 12, 2020
On 8th May 2020, the National Information Technology Development Agency (“NITDA” or “the Agency”) notified all Data Protection Compliance Organisations (DPCOs) that the Agency has extended the deadline for filing the 2019 Mandatory Data Protection Audit Report by Data Controllers to 30th June 2020.
The obligation to conduct a self-audit and file a Data Protection Audit Report is a requirement under Paragraph 4.1.5 of the Nigeria Data Protection Regulation 2019 (NDPR) which requires Data Controllers (public and private sector organisations that collect, process, control or determine how personal data that is collected is processed) to conduct a data protection audit and file an audit report with the Agency. Data Controllers are also required to conduct this audit and file the audit report through a licensed DPCO.
This extension is NITDA’s latest development in response to the outbreak of the Coronavirus Pandemic in Nigeria. Recall that NITDA initially extended the filing deadline for the 2019 Data Protection Audit Report from 15th March 2020 to 15th May 2020. (Read our tax alert on this here). The Agency has now issued a further email communication to all DPCOs extending the filing deadline to 30th June 2020.
However, unlike the earlier extension to 15th May 2020 which only applied to organisations that had earlier requested for an extension of filing of Data Protection Audit Report from NITDA, this extension to 30th June 2020 applies to all organisations regardless of whether or not they have submitted an application for extension.
Organisations that are yet to comply are advised to take advantage of this extension window and engage a DPCO to support them in complying with the NDPR. This is to ensure that they comply within the window as NITDA may have recourse to its enforcement powers under the NITDA Act and the NDPR without further recourse to affected organisations, including those in the public sector entities. In this regard, non-compliance could result in sanctions under the NDPR, including fines of up to 2% of the organization’s gross revenue for the preceding year and other civil or criminal action against the organisation. In view of the prevailing public safety and health concerns arising from the outbreak of the Coronavirus in Nigeria, companies may adopt alternative methods, such as online interviews and remote review of documents to ensure they conclude the audit and send in the reports to NITDA by the new filing deadline of 30th June 2020.