Nigerian companies should think of data protection as an Insurance policy
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
Building a data protection regime is a prudent cost to any serious Nigerian organisation. Like any other insurance policy taken out, it’s not about making a profit, it is about ensuring that the necessary data protection is available. There are no insurance premiums as these are paid internally in the form of the right software, people, and processes.
Let’s paint a scenario.
One day, the Chief Executive Officer of a Nigerian organisation, found out that sensitive information assets of her organization went public. It landed in the hands of unscrupulous individuals. These individuals built a business with similar business models and products because of this leaked information.
She realised, albeit too late, the importance of protecting information always. Because she failed to take out a data protection policy on her company, she markedly affected the company’s revenue.
Before now, heard about the General Data Protection Regulation(GDPR) and later, the Nigerian Data Protection Regulation but thought those things don’t work in Nigeria and didn’t factor data protection into her agenda.
But, on this day, because she was not prepared for what happens when her company’s trade secrets leaked, she has to make tough decisions fast.
You get the picture.
This is will be the story of many Nigerian CEOs. I am not trying to be pessimistic but I am trying to shed more light on the insouciance of some company CEOs.
Having discussed with some stakeholders in various Nigerian companies and some CEOs it seems to me that there is a collective thought that bothers on illogical conclusions.
First, that the Nigerian government is not ready for data protection. Second, they ask: who is coming to get any stakeholder for mishandling data in their possession? Do Nigerians know their rights as data subjects and even if they do, who will they report to or who will listen to them? Asked another stakeholder.
There lies a problem with data protection in countries where human rights are not respected. Most stakeholders are quick to dismiss the intricacies embedded in data protection. They miss the aspect of protecting the Nigerian business environment.
There are no right superlatives to describe any stakeholder that doesn’t fashion data protection into their company’s framework. On the technical side of things, the lack of focusing on protecting the information assets in your possession will only expose the company to unforeseen dangers and put customers at risk. In summary, electronic information or any other form of information in a company possesses should be protected with the right framework or the company will suffer some consequences outside the ambit of the regulations in place.
C-level executives should be aware of the breadth and scope of data protection. Effective data protection costs money—in people, time, and resources. With the always-competing demands for always-scarce resources, executives have to prioritise the different aspects of data protection appropriately. And executives have to have an ongoing commitment (which means that they remain firm in ensuring that the appropriate actions are carried out in pursuit of a holistic data protection program in their organization).