On NDPC and ways to enhance data governance
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
Data governance plays a crucial role in protecting individuals’ privacy, ensuring data quality, and promoting responsible data management practices. The Nigerian Data Protection Commission (NDPC) is a vital entity responsible for overseeing data protection and privacy in Nigeria. In this article, I will explore how the NDPC can enhance certain components of data governance to establish a robust framework for data management and privacy protection in the country.
The NDPC should develop and enforce a comprehensive data governance framework that outlines the roles, responsibilities, and processes for data management within organisations. This framework should align with international best practices, such as the General Data Protection Regulation (GDPR), and provide clear guidelines on data collection, storage, access, and usage.
They can assist organisations in developing data strategies and plans that align with their business objectives while considering privacy and data protection principles. By providing guidance and templates, the NDPC can help organisations create data strategies that address data privacy concerns, data quality requirements, and data lifecycle management.
To ensure reliable and accurate data, the NDPC can encourage companies to implement robust data quality management practices. This includes defining data quality standards, establishing data validation processes, and promoting data cleansing activities. By emphasising the importance of data quality, the NDPC can enhance trust in data and facilitate better decision-making.
As the primary custodian of data privacy in Nigeria, the commission should focus on promoting strong data privacy and security practices. This includes enforcing compliance with data protection regulations, providing guidance on data breach prevention and response, and encouraging organisations to adopt encryption, access controls, and other security measures to protect sensitive data.
The NDPC should collaborate with legal experts to develop and update data protection regulations that align with evolving technological advancements and international standards. Yes, there is the Nigerian Data Protection Regulation; however, this regulation must meet localisation standards — business ecosystem within the Nigerian realities. The NDPC can help organisations understand their compliance obligations and mitigate legal risks associated with data governance and privacy.
The commission can play a pivotal role in promoting ethical data practices by encouraging organisations to adopt responsible data handling practices, obtain informed consent for data collection and processing, and implement measures to prevent data discrimination and bias.
The NDPC can guide companies in establishing clear data stewardship and ownership frameworks. This includes defining roles and responsibilities for data custodians, promoting data sharing agreements (there is yet to be a set standard for data sharing between controllers, joint controllers, and more importantly, data controllers and data processors). By clarifying data ownership, the NDPC can foster accountability and transparency in data governance practices.
The NDPC, in its capacity as a Data Protection Authority, can assist companies in identifying and managing data-related risks. This involves conducting data privacy impact assessments, risk assessments, and audits to ensure compliance with data protection regulations. By helping organisations proactively address data risks, the NDPC can minimise the likelihood of data breaches and privacy violations.
In addition to the above, they can advocate for companies to implement comprehensive data lifecycle management practices. This involves defining data retention periods, establishing data disposal procedures, and promoting data minimisation principles. By emphasising proper data management throughout its lifecycle, the NDPC can reduce privacy risks and unnecessary data accumulation.
The NDPC should prioritise data governance training and awareness programmes for organisations and individuals. By organising workshops, webinars, and providing educational resources, the NDPC can enhance understanding of data governance principles, privacy rights, and best practices. This will empower organisations and individuals to adopt responsible data management practices.
The Nigerian Data Protection Commission plays a vital role in enhancing data governance in Nigeria. By focusing on these highlighted components of data governance, the NDPC can establish a robust framework that ensures data privacy, quality, and responsible data management practices. Through the enforcement of clear regulations, collaboration with legal experts, and the provision of guidance and training, the NDPC can foster a data governance culture that protects individuals’ privacy rights while enabling Nigerian organisations to harness the value of data for innovation and growth.