Data Privacy Framework: Key to entering international markets
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
For Nigerian companies to enter international business transactions or attract foreign investors, they must pay attention to their data management framework. Yet, many Nigerian companies want to penetrate the global market while paying little attention to their data privacy and information governance methodologies.
Entering into international markets is one of the dreams of many Nigerian companies. However, these so-called global companies fear to transact with companies that don’t respect the freedoms or rights of humans as stipulated in the General Data Protection Regulation (GDPR) or that fail to obey other existing human right laws.
What should a Nigerian company do?
Imagine a customer from, say Europe, wants to order some items from your company, what are the guarantees you can give the customer that: (a) their data is safe (b) that their credit card information is safe (c) that you have and maintain the technical capability to deliver the products (d) after the purchase, how long will data be retained. Inability to answer these questions exposes the company to reputational and financial damage.
You can’t expect a street boxer to fight in an organised match and not follow the rules. The organisers will disqualify her. A lot of Nigerian companies disqualify themselves before the game proceeds and unconsciously lead themselves out of the international competition by simply overlooking personal data management within their business processes.
Data privacy issues and data protection implementation now represent the gold standard of business relations. Many companies are asking tough questions about how their business partners transfer and manage data.
Some Nigerian companies think compliance with data protection means complying with only the Nigerian Data Protection Regulation (NDPR), but it is much more than that. The changing face of business, especially after the COVID pandemic, reveals that companies must comply with both local and international privacy laws as this shows their seriousness. Business and consumers alike wouldn’t want to partner with companies that mismanage personal data.
For example, some Nigerian banks use some International Organization for Standardization (ISO) to measure their data privacy implementation framework. To be seen as” global”, these banks are taking steps to showcase their care for privacy and data protection.
A Nigerian company takes bookings from international holidaymakers who have to make payments via an online platform. That company must be aware of specific regulatory laws like GDPR if the customer is flying from Europe and more specifically, the company should consider the Payment Card Industry Data Security Standard (PCI DSS) when collecting the customer’s card details.
Entry into the international market space is simple. However, there are certain traits a company must display like its data protection commitment. This feature engenders trusts with customers and gives the business the competitive edge to play on international fronts which build business profitability.
There are basic global facts of the data protection principle. Understanding them is not enough, but ensuring that the business processes match the direction is critical in building a twenty-first-century business.
Whether your company serves only local clients or international customers, data protection and data privacy should play a significant role in your business.
Almost every Nigerian company uses personal data daily, and, therefore, the management framework of those datasets becomes crucial. Data protection is here to stay, and any company that wants to play on that international level must begin to embrace these truths or risk business collapse. What’s more, raising the awareness within the company structure should be regularly harnessed and enshrined into the company ethos.
It’s advisable to have a data protection vision and mission statement, which is a piece of concise information which addresses your customers and enlightens your employees about how your company treats personal data. One key fact remains unchanged in the new business terrains; personal data is the new oil and regulations around it will keep expanding. As such, Nigerian companies must not only stay informed about these regulations but also have the right standards, policies, and procedures that comply with these laws.