Oyo State selects DSPL To provide Data Protection Compliance Services

Oyo State selects DSPL To provide Data Protection Compliance Services

TECH DIGEST – Oyo State Government has entered into agreement with Data Protection Services Limited (DSPL) to help in the implementation of the Nigeria Data Protection Regulation (NDPR).
By law, all public and private organisations that process the personal data of more than 1000 data subjects in a period of six months and 2000 data subjects in a period of 12 months must submit a Data Protection Audit Report to National Information Technology Development Agency (NITDA).

According to NDPR provisions, the submission is annual and mandatory. Data protection audit filing must be not later than March 15 of every year.

All public and private entities handling data must comply with the NDPR and only DPCOs are licensed to ensure compliance.

DSPL is one of the data protection compliance organizations (DPCOs) licensed by the NITDA to provide such services.

To this end, among others, part of the services DSPL will be delivering in Oyo include: trainings and awareness creation for employees of the state on data privacy policies for ministries, departments and agencies (MDAs); collection of data, disposal of data; and audit of the state’s MDAs to assess their level of data protection maturity.

Speaking on the partnership, the Chief Executive Officer of DSPL Nigeria Limited, Tunde Balogun, said that DSPL will immediately commence work with the State Government on data protection related matters.

As a leading data protection company, DSPL is already providing similar services for the Plateau State, central Nigeria.

TechDigest gathered that it has particularly guiding the Plateau State Internal Revenue Service (PSIRS) to meet the compliance requirements of the NDPR.

The NITDA introduced the NDPR in 2019 and is designed to safeguard the right of natural persons to data privacy, foster safe conduct of transactions involving exchange of personal data.

MDAs handle largest data at risk of breaches
Now doubt, the new deal in Oyo State will further consolidate DSPL’s professional presence as a leading data protection company with immense experience servicing the public sector to meet the compliance requirements of the NDPR.

“The MDAs of governments, whether Federal or State, in the country handle the largest amount of personal data that could be easily compromised, thereby leading to a breach of the NDPR. As a professional company, DSPL guides clients through a mix of complex awareness tools and trainings to ensure they meet the requirements of the law as specified annually,” said Balogun.

The NDPR sets out to deal comprehensively with the protection of the personal information of Nigerian citizens and anyone resident in Nigeria.

“We are an organisation founded to meet the unique needs of each of our clients and provide a workable framework allowing them to meet their compliance obligations under the law,” added Balogun while assuring the state government of the company’s commitment to ensure it meets the NDPR guidelines in real-time.

Data drives digital economy
Data drives the digital economy and as Nigeria repositions to become more digitised, data merits and risks will be higher requiring increased government oversight role and regulation, said Balogun.

His words: “Data compliance is a critical issue as we become more technology driven and adhere to the tenets of a digital economy.”

DSPL’s services include NDPR Gap Analysis, allowing companies to effectively be data processors or controllers in relation to information about customers, employees and suppliers as ruled under the NDPR; Security Level to identify databases and their required security level; Website Compliance including website scanning for compliance gaps with NDPR cookies and consent requirements; Corporate Governance Procedures that covers updating and writing of corporate governance documents, procedures, guidelines and information security procedures; and Mapping for mapping organizational computer systems and databases as well as Mapping of data processing activities.