igwilodanielubabecb771d

Understanding Data Protection Laws: A Guide for Beginners

Fri, 17 Jan 2025 10:50:30 GMT

Data Protection: A critical shield to safeguard personal data!

In today's digital world, data is everywhere. From the photos you share on social media to the personal details you enter when shopping online, data drives the modern economy. But as data collection grows, so do the risks of misuse, theft, and unauthorized access. This is where data protection laws come in as a critical shield to safeguard your personal information.

What Are Data Protection Laws?

Data is a key component of the new digital world

Data protection laws are legal frameworks designed to ensure that individuals' personal information is collected, stored, and used responsibly.

These laws place obligations on organizations to protect data and grant individuals rights over their personal information.

Why Should You Care?

Imagine if your banking details were stolen, or your private conversations leaked online. Data protection laws help prevent such scenarios by holding organizations accountable for how they handle your data. For businesses, compliance builds trust and demonstrates a commitment to safeguarding customer information.

Key Principles of Data Protection Laws

While specific laws vary globally, most are built on similar principles:

Transparency: Organizations must inform you about how your data is being used.
Consent: Your data cannot be used without your explicit permission.
Purpose Limitation: Data should only be used for the purposes stated when collected.
Data Minimization: Only necessary data should be collected and stored.
Security: Organizations must implement measures to prevent data breaches.
Accountability: Companies are held responsible for ensuring compliance with the law.

Examples of Data Protection Laws

Nigerian Data Protection Act (NDPA): Protects the privacy of Nigerians and establishes rules for processing personal data.
GDPR (General Data Protection Regulation): A comprehensive EU law that sets the gold standard for data protection.
CCPA (California Consumer Privacy Act): Grants California residents rights over their personal data.

Your Rights Under The Nigerian Data Protection Laws

The Nigerian data protection laws grant individuals several rights, including:

The right to access: View the data organizations hold about you.
The right to be informed: the right to be informed about the relevant information relating to the processing of their personal data.
The right to rectification: Correct inaccuracies in your personal data.
The right to erasure: Request that your data be deleted (the "right to be forgotten").
The right to data portability: to transfer their personal data from a data controller to another data controller.
Right to withdraw Consent: a data subject has the right to withdraw consent.
Right to complain to the Relevant Data Protection Authority ; Section 40 of the NDPA gives the data subject the right to lodge a complaint with the NDPC.

How Can You Stay Protected?

Read Privacy Policies: Understand how your data is being used before sharing it.
Opt Out When Necessary: Use the right to deny consent if you’re uncomfortable.
Report Violations: If an organization misuses your data, report them to relevant authorities.

Final Thoughts

Data protection laws empower individuals to control their digital footprint and compel businesses to act responsibly.

As a beginner, understanding your rights and these laws is the first step to navigating the digital world securely.

Stay informed, stay secure!

CLIENT OF THE WEEK

BROKERAGE SERVICE

As a dealing member firm of The Nigerian Exchange Limited, the company engages in the execution of mandates for clients with regards to the following securities:

Ordinary shares
Gilt-edge/ government development stocks
Corporate debt
Treasury bills and certificates
Over the Counter Trading (OTC-NASD)
Private Equity

FINANCIAL ADVISORY SERVICES

The company offers financial advisory services to corporate organizations in the following area

Capital issue/Raising
Broker to issue
Capital restructuring
Mergers and Acquisitions
Debt Swaps/Equity conversion
Feasibility Reports
Dividend policy
Collection of outstanding Share Certificates, bonuses and dividend

NOMINEE/CUSTODIAN SERVICES

The company serves as custodian to banks/and non bank financial institutions that use their stock position as collateral for loans. The company takes necessary steps that protect the interest of both parties.

The nominee service facilitates the management of a client’s holding under a nominee name. This transaction must however conform to the ethics of corporate governance and transparency. A periodic report on the performance of the account will be communicated to the client.

SHARE CERTIFICATE VERIFICATION

The company offers clients the opportunity to dematerialize their share certificates in the CSCS system. The advantages include safety against theft, loss, fire, accident while facilitating easy transfer. Clients can also take advantage of share price appreciation as well as ease of use as collateral.

Personal Data Sharing: Are We Really In Control?

Sun, 22 Aug 2021 01:20:24 GMT

The Struggle for Control of Our Personal Data

The latest controversy surrounding personal data and how it’s shared has served as a tremendous eye-opener regarding how much control we really have over our personal data online. We would like to think that the implementation of the Nigeria Data Protection Regulation would tip the balance in our favor. Instead, the situation is foggier than ever, and the struggle over the control of our data is only just beginning.

What is Personal Data?

Data is a key component of the new digital world

Personal data is any information that relates to an identified or identifiable individual.

To most people, personal data includes private details like our name, date of birth, where we live, etc. However, its true definition encompasses more than this. In actuality, personal data embodies the tiniest of details that could relate to us.

Apart from the fact that we willfully give out our information to social media networks and just about any website requiring our details for one service or another, our activities online are also a major way that service providers are able to access our data.

As expected, the websites people visit the most, like social media, content streaming, and

online retail websites have emerged as the leading data bank of the digital world. They collect so much data on us that tracking them is becoming difficult. We would expect that these should slow down their data collection activities; instead, they continue to introduce new initiatives

that will help them collect more data.

THE BOTTOM LINE

We live in a data-obsessed world, and shared data is the price we pay for the various services we access online. While data policies look to involve us in the personal data sharing

process, we are still a long way from total ownership of our data online. After all, how can we

possibly own or control what we don't even know exists?

Before the emergence of the Nigeria Data Protection Regulation, we had no say on our personal data. Service providers were the sole custodian, and they could do whatever they

pleased with the data they retrieved. Although it is still business as usual for service providers in some regions, the introduction of the Nigeria Data Protection Regulation set a new tone as to how the outlook of data policies in the near future will be constructed.

CLIENT OF THE WEEK

Verify CAC registration

Conduct business (CAC) search report on Nigerian companies

Verify address claims

Verify that the Nigerian company is available at the address they claim with address verification

Verify Tax Identification Numbers

Verify Nigerian companies with their Tax Identification Number (TIN)

Validate business owner identities

Validate the identities of the business owners

The Nigeria Data Protection Regulation: What is sensitive personal data?

Wed, 06 Jan 2021 15:02:07 GMT

Understanding the Nigeria Data Protection Regulation

The Nigeria Data Protection Regulation makes a distinction between ‘personal data’ and ‘sensitive personal data’.

'Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’).

In its most basic definition, sensitive data is a specific set of “special categories” that must be treated with extra security. These categories are:

Racial or ethnic origin;
Political opinions;
Religious or philosophical beliefs;
Trade union membership;
Genetic data; and
Biometric data (where processed to uniquely identify someone).

Rules of processing sensitive personal data:

Organisations must invoke one of the following lawful bases:

A contract with the individual: for example, to supply goods or services they have requested, or to fulfil an obligation under an employee contract.
Compliance with a legal obligation: when processing data for a particular purpose is a legal requirement.
Vital interests: for example, when processing data will protect someone’s physical integrity or life (either the data subject’s or someone else’s).
A public task: for example, to complete official functions or tasks in the public interest. This will typically cover public authorities such as government departments, schools and other educational institutions; hospitals; and the police.
Legitimate interests: when a private-sector organisation has a genuine and legitimate reason (including commercial benefit) to process personal data without consent, provided it is not outweighed by negative effects to the individual’s rights and freedoms.
Consent: when the data subject agrees to the processing when presented with a clear explanation of the personal data that will be collected and what it will be used for.

Is your website data protection compliant?

Tue, 05 Jan 2021 14:56:57 GMT

Accelerate Your Website Data Protection and Privacy Compliance.

It is ideal for managers and website administrators to understand the importance of having a data complaint website.

Have you got a cookie policy on your website? Are you advising website visitors of the fact that you are using cookies, what types of cookies you use and why?

Are you providing them with the options to accept, reject or modify their cookie preferences? Is your cookie banner appropriate?

If you’ve answered “no” to any of these questions, then your website doesn’t comply with the Nigeria Data Protection Regulation.

You also need to consider:

If you are processing personal data on your website, you must document an appropriate purpose as well as a lawful basis for this processing?
If you are processing children’s personal data online, you need to ensure you have either an exemption or a lawful basis and purpose for the processing.
If your website is displaying photos or videos (or links to either) and these media contain people – you need to ensure that you have a -compliant lawful basis and purpose for processing these images.
If you are using an online application form or online “contact us” form, you must check that your wording appropriately outlines the purpose and lawful basis for capturing this information.
Whether information being gathering via a “contact us” form is being used for purposes other than that which is was collected, such as marketing. If so, you should check whether you have a lawful basis, inform data subjects of your practices and provide a link to your privacy notice.
If you are gathering information via your website, how long are you storing this information and how is it protected? Are you making people aware (via the privacy notice) of these details?
If you are using testimonials from clients on your website, have you obtained their consent to quote their names? How long are you storing their consent?
If you are using photos or videos of your employees on your website, you should ensure that the employee contract, the data privacy notice and the data privacy policy cover such purposes.

5 ways that universities can reduce the risk of cyber attacks

Sun, 03 Jan 2021 14:54:56 GMT

So what can schools and universities do to curb the threat of data breaches? Here are five tips to help you get started.

1. Engage with stakeholders

Cyber security affects everybody, whether it’s employees responsible for protecting your data, third parties with whom you trust your information or data subjects themselves.

By helping them understand the importance of effective security – including the steps you’re taking to protect your systems and the ways they can help – you ensure that everybody is part of the solution.

One way you can do this is to provide staff awareness training for anyone who handles sensitive information as part of their job.

Another solution is to provide advice to students and staff on the ways they can help. That might include practising good password security or learning how to spot phishing scams .

2. Install anti-malware software

Malware is one of the biggest risks that organisations face. It can wreak havoc by gaining access to and stealing confidential information, damaging files and even locking them and preventing access unless you pay a ransom.

Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.

3. Apply patches and updates

Cyber criminals can rapidly exploit vulnerabilities once they’ve been discovered and shared publicly.

Criminal hackers take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.

Updating software and operating systems will help to fix these known weaknesses.

4. Implement access controls

Because of their large workforce and annual turnover of students, universities naturally have large networks with many entry points.

It’s therefore essential that you create access controls limiting who can access certain information. This reduces the risk of students or staff viewing information that they shouldn’t, and also limits what a cyber criminal can do if they compromise someone’s account.

5. Share your threat intelligence

Cyber criminals will often target multiple organisations using the same methods, looking for one that has a weakness that be exploited.

By communicating with other universities about the threats you face, you can help each other prepare for attacks.

For example, if one institution reports a particular phishing campaign targeting, say, an upcoming conference, other universities can spread the word among staff and students.

Likewise, if there’s another data breach such as the one that happened at Blackbaud, universities can help each other by describing how they were affected and urging fellow institutions to assess their systems.

Are you aware of your organisation’s cyber security vulnerabilities?

Sat, 02 Jan 2021 14:49:39 GMT

Invest wisely in Cyber Security.

With over 15,557 reported data breaches in globally, it’s safe to say that cyber security should be a top priority for all organisations.

Most organisations are already well-aware of this threat and are pouring money into their security budgets. Gartner estimates that worldwide cyber defence spending could hit $114 billion (about €102 billion).But before opening up your chequebook, you need to make sure that any investments address the full range of vulnerabilities in your organisation.

Too many people believe that cyber security is just about technology. However, you also need to ensure that you have the correct processes in place to get the most of those technologies and train staff to avoid costly mistakes.

It’s only when you invest appropriately in each of these three domains that you can be confident in your organisation’s cyber security posture.

So, what do those domains involve?

People

The ‘people’ aspect of cyber security refers to staff training. The level of training you provide will depend on whether the employee has a technical or non-technical role.

Non-technical staff don’t need advanced cyber security knowledge, but they do need a strong understanding of the fundamentals. A security awareness programme, or training courses that address specific issues like phishing, are essential.

Technical staff will already have a strong understanding of core security principles, but they should still be part of your general staff training activities alongside further training to help them stay up to date with the evolving threat landscape and security best practices.

Given the ever-widening cyber security skills gap, it might also be worth encouraging employees to gain advanced qualifications that will help them move into more senior roles.

Processes

Staff training goes hand-in-hand with organisational processes. These are written instructions on the dos and don’ts of various practices.

ISO 27001, the international standard for information security, provides a complete set of cyber security processes based on the implementation of an information security management system.

Technology

We’ve placed technology last to emphasise the fact that it should support people and processes rather than being relied upon.

Technological defences can automate processes that would otherwise take a human a long time to complete, such as identifying threats in your systems. Other technologies act as a first line of defence that weed out threats so that a human doesn’t have to, like spam filters.

But whatever the technology is doing, you can’t assume that it will be 100% effective. For example, email scanning software will send the majority of suspicious emails to employees’ junk folders, but that still leaves a lot of emails that end up in inboxes.

That’s why you need to train employees to spot suspicious emails and give them processes to follow.

igwilodanielubabecb771d

Understanding Data Protection Laws: A Guide for Beginners

Data Protection: A critical shield to safeguard personal data!

What Are Data Protection Laws?

Data is a key component of the new digital world

Why Should You Care?

Key Principles of Data Protection Laws

Examples of Data Protection Laws

Your Rights Under The Nigerian Data Protection Laws

How Can You Stay Protected?

Final Thoughts

CLIENT OF THE WEEK

BROKERAGE SERVICE

FINANCIAL ADVISORY SERVICES

NOMINEE/CUSTODIAN SERVICES

SHARE CERTIFICATE VERIFICATION

Personal Data Sharing: Are We Really In Control?

The Struggle for Control of Our Personal Data ﻿

What is Personal Data?

Data is a key component of the new digital world

THE BOTTOM LINE ﻿

CLIENT OF THE WEEK

Verify CAC registration

Verify address claims

Verify Tax Identification Numbers

Validate business owner identities

The Nigeria Data Protection Regulation: What is sensitive personal data?

Understanding the Nigeria Data Protection Regulation

Rules of processing sensitive personal data:

Organisations must invoke one of the following lawful bases:

Is your website data protection compliant?

Accelerate Your Website Data Protection and Privacy Compliance.

5 ways that universities can reduce the risk of cyber attacks

So what can schools and universities do to curb the threat of data breaches? Here are five tips to help you get started.

1. Engage with stakeholders

2. Install anti-malware software

3. Apply patches and updates

4. Implement access controls

5. Share your threat intelligence

Are you aware of your organisation’s cyber security vulnerabilities?

Invest wisely in Cyber Security.

The Struggle for Control of Our Personal Data

THE BOTTOM LINE