The Nigerian IT regulator says it has launched a visitors’ book that safeguards users’ confidential information and complies with the nation’s data privacy rules.
The National Information Technology Development Agency (NITDA) decided to launch the visitors’ book that complies with the provisions of the Nigeria Data Protection Regulation (NDPR) after its survey reveals that Nigerian public institutions and small business owners are still confused by the rules around data protection and privacy regulations, Kashifu Inuwa, NITDA Director-General says.
In launching the visitors’ book, Inuwa says that NITDA is leading by example for being the first agency of government in Nigeria to implement a major aspect of the NDPR that complies with data privacy rules. It will also serve as a checkbook for organisations’ audits on NPDR in compliance with Data protection, according to the IT regulator.
NITDA on Safeguarding Data Privacy of Visitors
“Disturbingly, out of 30 surveyed, 100% confirmed their paper visitors’ books are not confidential and do not protect the visitors’ personal data. Another 98% admitted they do not dispose of paper visitor books securely and confidentially – leaving the personal data of millions of employees and customers at risk’’, according to Inuwa.
According to the NITDA DG, the Data Services Protection Limited (DSPL)-patented visitors’ book was selected amongst the most innovative NDPR product at 2021 Privacy Week organised by the IT regulator.
The visitor’s book pages are duplicates and works by making personal details on the visitor’s book invisible on the first page while capturing the data on the duplicate page, according to NITDA.
“This basic but ingenious visitor’s book is cheap in comparison with the expensive digital visitor’s management solutions”, Inuwa says while noting that the visitors’ book is an addition to the processes of computing the visitors’ data electronically.
When putting NDPR procedures in place, Inuwa notes that “it’s very likely that many organisations did so with one big misconception that the new law only affects data collected online. The NDPR is technology-agnostic. It applies to all acts of personal data collection and processing, no matter how and where it takes place, visitor data, employee personal data, etc.”
He also explains that “data protection applies to all transactions intended for the processing of Personal Data, notwithstanding how the data processing is being conducted or intended to be conducted in respect of natural persons in Nigeria.’’
According to Inuwa, “recognizing that many public and private bodies have migrated their respective businesses and other information systems online, information solutions with both the private and public sectors now drive service delivery in the country through digital systems. These information systems have thus become critical information infrastructure that must be safeguarded, regulated, and protected against atrocious breaches.”
He explains that “data protection applies to all transactions intended for the processing of Personal Data, notwithstanding how the data processing is being conducted or intended to be conducted in respect of natural persons in Nigeria.”