The Nigeria Data Protection Commission, NDPC, has issued a regulatory advisory to all Data Controllers and Data Processors in the country.
This is in response to escalating threats to data security infrastructure.
The Commission said that its technical assessment indicates that some shadowy threat actors have engaged in coordinated operations targeting financial systems and some key digital infrastructure in Nigeria.
“Public establishments are therefore reminded of the presidential directive of President Bola Ahmed Tinubu, declaring that, ‘Data is the new oil, its value increases the more it is refined and responsibly shared,” a statement signed by Babatunde Bamigboye, Esq. Head, Legal, Enforcement & Regulations, said.
It quoted the President as saying, ‘I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023.”
The Commission advised that data controllers and processors (including MDAs) are to urgently step-up their technical and organisational measures to ensure the privacy of all Nigerians and other data subjects in line with the Nigeria Protection Act, 2023 (NDP Act).
The measures include: Appointment of duly trained and certified Data Protection Officers, Development and effectual implementation of Privacy Policies and information security standards, Carrying out Data Privacy Impact Assessments Deployment of robust identity and access controls, including Multi-Factor Authentication (MFA), Implementation of zero-trust security architecture and network segmentation and Immediate remediation of identified system vulnerabilities and continuous patch management.
Others are Securing cloud infrastructure, APIs, databases, and access credentials, Implementation of real-time monitoring, logging, and threat detection mechanisms, Implementation of encryption, key management, and secure credential handling, Conduct of Vulnerability Assessment and Penetration Testing (VAPT) on critical systems and Regular backup, recovery, and resilience testing.
NDPC said it is prepared to provide requisite regulatory support to organisations in order to ensure adequate level of data privacy and protection.
Organisations that fail or neglect to implement appropriate measures as required under the Nigeria Data Protection Act, 2023 may incur legal liabilities.
