Quick search
CTRL+K
Quick search
CTRL+K
Since 2010, the Global Law Experts annual awards have been celebrating excellence, innovation and performance across the legal communities from around the world.
posted 3 years ago
INTRODUCTION
In today’s world, the commonly used phrase “the world is your oyster” can now be taken literally by businesses. With the use of technology and data analytics, companies can now reach customers across borders with products/ services tailored to meet the peculiar needs of customers in various countries.
As data analytics has become a pivotal part of most businesses, understanding the regulatory framework for proper data usage is imperative. More specifically for local and multinational companies playing in the Nigerian market, understanding the requirements of Nigerian data protection laws for cross border transactions is key.
In this article we have set out in a simplified manner the requirements of the Nigerian data protection laws for cross border transactions.
The primary regulations are the Nigeria Data Protection Regulation (NDPR) and the NDPR Implementation Framework.
Any personal information that can be used to identify a Nigerian citizen (Personal Data) is regulated under the NDPR and subject to the restrictions on cross-border transfer. Please note that anonymised data is excluded from the restrictions on data transfer in Nigeria.
A company will be considered to have transferred data outside Nigeria where the company:
iii. relies on a Foreign Company for technical support and in the process grants that company access to the personal data of Nigerians.
Yes, countries deemed to have adequate data protection laws are included on a white list contained in the NDPR framework. These include, all African countries who are signatories to the Malabo Convention 2014; all EU and European Economic Area Countries; United States of America; Japan and many more.
Yes, but prior to such a transfer, the companies are expected to enter into data transfer agreements with the Foreign Company detailing the terms of the transfer and the measures to be adopted by the Foreign Company to protect the Personal Data received.
Yes, they will however be required to: (i) notify the individual whose data is being transferred of the risk involved in transferring data to a country without adequate level of protection; (ii) obtain the individual’s consent; and (iii) enter into a data transfer agreement with the Foreign Company prior to any such transfer.
Yes, to share personal data with companies within the same group, the transferring company is required to execute a Binding Corporate Rule (BCR) or include Standard Contracting Clauses (SCC) in data transfer agreements. These documents can be provided by licensed Data Protection Compliance Organisations in Nigeria.
CONCLUSION
A company that complies with the foregoing requirements of Nigerian law when transferring data out of Nigeria would avoid incurring substantial financial penalties from the National Information Technology Development Agency (NITDA).
It is pertinent to note that companies (both local and foreign) handling data of over 1000 Nigerian citizens are required to engage the services of a licensed Data Protection Compliance Organisation to review their activities and make recommendations geared towards ensuring compliance.
For clarity on the foregoing article, you may contact Pavestones Legal via info@pavestoneslegal.com. Pavestones Legal is one of the few licensed Data Protection Compliance Organisations in Nigeria and is also a full-service law practice providing support to both local and foreign clients.
posted 18 minutes ago
posted 4 days ago
posted 4 days ago
Find the right Legal Expert for your business
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
