The last two month has been interesting for us as a nation and me as an individual. The massive arrest of some Nigerian cyber-criminals set the nation on the global spotlight. It was quiet disheartening to see the massive potentials of our youths being diverted to such unenviable venture. Despite the gloomy situation, I have a strong conviction that a great future awaits our country.

My appointment by the President of the Federal Republic of Nigeria Muhammadu Buhari GCFR, as the Director General, National Information Technology Development Agency (NITDA), is a clear testimony to his uncommon faith in the capabilities of the Nigerian youths to actively contribute to nation building. My being the youngest Chief Information Technology Officer in the history of Nigerian IT industry is indeed a challenge to the young and dynamic Nigerians to prove our mettle in proffering innovative solutions to the pool of problems bedeviling our country.

Luckily, working under the tutelage of a very dynamic and versatile boss, Dr. Isa Ali Ibrahim (Pantami), the Honorable Minister of Communications and Digital Economy, availed me the opportunity to be part of a vibrant and determined team that developed the Strategic Roadmap for the Development of the ICT sector in Nigeria. The roadmap focuses on digital job creation; inclusion; capacity building; IT regulation among others. We are making appreciable progress on all fronts, and for me the aspect of IT sector regulation has been the most exciting. In the last four years, NITDA has rejigged its regulatory mandate to the support of most Nigerians and non-Nigerians alike

One of the exciting outputs of our regulatory effort is the Nigeria Data Protection Regulation (NDPR) 2019. The NDPR is the most interrogated regulation by NITDA till date. Why so? The Regulation affects every Nigerian using, collecting, storing or transferring personal data. The NDPR was crafted to provide a clear framework for the security of the privacy of Nigerians; guide operators whose transactions involve personally identifiable information and to enable Nigerian businesses to be globally competitive in terms of compliance with the principles of data protection.

The NDPR covers the public and private sectors. It also applies to all Nigerian residents and Nigerians in diaspora. Not withstanding, NITDA in its power has issued quite a number of regulations, amongst which is the NDPR under Section 6 (c) of the NITDA Act 2007 which provides that; the Agency shall develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information. This mandate leaves nothing to imagination about NITDA’s powers to regulate electronic data interchange. We however do not gloat about this, knowing the effect of non-performance of this sacred obligation putting in mind over the top companies that exploit individuals through data mining.

In this regard, the Agency issued the NDPR on 25thJanuary 2019 after eighteen months of intensive consultations with various stakeholders. The Regulation expects every data controller and processor to have updated privacy policies by 25th April, 2019. Initial Data Audit Report was also submitted in 25th October, 2019. The essence of this is to give us a gauge of where we are as a nation in terms of data management. For ease of compliance, we have licensed a class of professionals called Data Protection Compliance Organisations (DPCO) to help organisations with compliance services, audits and training. We will be issuing more licenses in the coming days to enable the market have robust options. We expect to generate over three hundred thousand (300,000) new jobs through this scheme. For me, this is key milestone.

While working to aid compliance, we are not leaving out enforcement activities. On 20th September, 2019, I inaugurated our Data Breach Investigation Team (DBIT) a group of professionals who will work with the Nigeria Police and other law enforcement agencies to investigate cases of alleged data breaches among others. To ensure fairness and justice, we have also inaugurated Administrative Redress Panel (ARP) in October 2019. This panel, comprising of industry professionals and representatives of relevant government agencies would provide an alternative dispute resolution mechanism to address grievances in a non-litigious manner.

In order to promote smooth cooperation with other relevant government agencies and the private sector, NITDA is also promoting a National Data Protection Advisory Council (NDPAC) which would be an inter-ministerial organ to give advice on effective implementation of the NDPR. All these efforts are geared towards the ultimate aim of proposing a Data Protection bill to the National Assembly. When passed, the bill would benefit majority of Nigerians having gone through the various experiences gained from implementing the Nigeria Data Protection Regulation.

Indeed, these are exciting times for our digital economy. Our goal at NITDA is to play our part in the best possible way to make Nigeria investment worthy, open more digital job opportunities for our teeming population and support the security architecture by effectively implementing our mandate. The outcomes we envisage from our effortsare; raising global tech leaders and making Nigeria the destination of choice for technology investments in Africa. We are determined to also create an ecosystem for all the stakeholders in IT industry, inject what type of skills we need from our youths and how to make the use of those skills; and to give ventures and risk capitals a space to look at the system for them to invest in the industry. This is a fair deal for every Nigerian.


Kashifu Inuwa Abdullahi, Director General/CEO National Information Technology Development Agency (NITDA)