I Have a Question About
The reasons for IT Projects Clearance are to ensure:
For more information, kindly read Guidelines for Clearance of Information Technology (IT) Projects by Ministries, Departments and Agencies (MDAs)
Only IT related projects should be submitted to NITDA for Clearance
All proposed IT projects are expected to be submitted to NITDA for Clearance at their Conceptualization stage.
Currently, there is no minimum estimated amount. All proposed IT projects are expected to be submitted to NITDA for Clearance.
The IT Projects Clearance team will communicate within 21 working days
NO. The Conditional Clearance cannot be used by Federal Public Institution for implementation of its IT project.
The objectives of the NDPR are: data privacy protection; secure exchange of data; improve business environment and create sustainable jobs.
The NDPR applies to all residents of Nigeria; all Nigerians within and outside Nigeria.
The Regulation came into effect on 25th January, 2019. A major advertorial was carried in four major national dailies between 14th and 15th of February, 2019 to sensitize people on this. The grace period elapsed by 25th of July, 2019 and extended till 25th October, 2019.
Processing is defined in Article 1.3(r) as follows: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; …
NITDA is empowered to regulate electronic data use in Nigeria. Section 6(a and c) of the NITDA Act 2007 makes this clear. This provision makes it clear that NITDA has the authority to regulate data from any electronic or digital platform. A breach of NITDA regulation is a breach of the NITDA Act as provided by Section 17 and 18 of the Act. Therefore, a breach of this Regulation is enforceable in the Nigerian court.
The NDPR recognizes the need for cross-border transfer of data in an era of globalized and high-speed business transactions. Article 2.11 of the Regulation, which relates to Transfer to a Foreign Country, addresses this concern. To comply with the provision and other aspects of the Regulation, the Data Controller would provide the following:
These information may be captured in the annual data audit report where the transfer is done in the regular course of business
The NDPR does not mandate private businesses to host data only on local servers, although this is highly encouraged. Government data as well as critical national data in the custody of private organisations must however be hosted in-country. Where hosted abroad, the Data Controller, should however, provide NITDA with the countries where such servers are located and their data protection policies.
NITDA does not accept audit report by non-licensed third-party auditors. The Data Controller may encourage its auditors to obtain the Data Protection Compliance Organisation (DPCO) license or alternatively deal with NITDA licensed DPCOs. Every audit report required under the Regulation must be accompanied by a Verification Statement by a licensed DPCO.
Except for other specified purposes or request by NITDA, Data Controllers are expected to file their data audit report annually before the 15th of March of the following year.
A “Data Protection Compliance Organization (DPCO)” means any entity duly licensed by NITDA for the purpose of training, auditing, consulting and rendering services and products for the purpose of compliance with the NDPR or any foreign Data Protection Law or Regulation having effect in Nigeria. In essence any organization that wishes to provide any form of data privacy protection service to Nigerian companies must acquire this license. Submission of annual audit report by Data Controllers must be accompanied by a verification statement by a licensed DPCO.
Article 2.11 of the NDPR provides: Any transfer of Personal Data which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation shall take place subject to the other provisions of this Regulation and the supervision of the Honourable Attorney General of the Federation (HAGF).
Data Controllers do not require permission of the Attorney-General for every transfer of Data outside Nigeria. In transferring data abroad, Data Controllers shall provide the following information to NITDA through their annual audit report or where specifically requested by NITDA.
NITDA shall relate with the Office of the Attorney General of the Federation to seek guidance on Nigerian legal position on any aspect of the Regulation or where there is a breach of private data in a foreign jurisdiction.
The Controller may through its appointed DPCO file a request for extension, stating the processes already initiated and other information to show commitment to compliance.
NO! there is no need to file audit report, however it is essential to conduct the audit for future reference.
The report, accompanied with requisite payment, is to be submitted through a DPCO to NITDA.
NO! Organisations who implement demonstrable corrective measures after filing IDAR are exempt from filing 2019 Annual Audit Report which expires on 30th June, 2020
Pay into NITDA TSA account. In the Description, write- XXXXXX LTD AUDIT FILING. (Note that the GIFMIS number is not a mandatory field)
NO! filing of audit report must be done through a DPCO
Yes, the NDPR applies to all sector and every data controller and processor.
NO! Professionals are not restricted from performing their professional duties; however, only licensed DPCOs can provide verification statement on an audit report. Also, request for recognition of data protection training, services or products is predicated on licensing as a DPCO except management deems otherwise.
No, your company must have a government domain name for you to register
Upon successful registration and upload of all necessary documents, verification will be done. When NITDA is satisfied with all the documents submitted, a provisional license that will last for six (6) months will be provided to you within a period of 10 working days.
No, It is mandatory to submit verifiable documents before registration certificate can be issued.
The Provisional license last for Six (6) months, while the original Certificate last for Two (2) years.
Renewal at the moment is automatic and is done by returning the expired one and upon citing updated necessary documents submitted at the initial application stage. However this can be change at the discretion of NITDA management.
NITDA Academy training programs are meant for staff who are in the Ministries, Departments and Agencies (MDAs), Students, special interest groups, Researchers and the General Public.
A wide variety of courses are offered ranging from digital literacy, networking, cybersecurity, programming, Internet of Things (IoT) , Big Data, Artificial Intelligence (AI), Embedded Systems Designs and digital entrepreneurship among others.
Many of the courses can be self-enrolled or instructor can enroll students, however, you need to simply register first on the website. To register simply navigate to NITDA Academy’s home page, click “REGISTER” on the top right corner of the page and you will be brought to the registration page. Fill in your details and click on “SUBMIT” to create an account.
You create your login details during registration. Your username is always your email address and you can create a password of your choice. To log in simply go to NITDA Academy’s home page, click “LOGIN” on the top right hand corner of the page and you will be brought to the login page. Enter your username and password. You will then be brought to your Member’s area.
- If you forget your password, don’t worry. Click on “login” on the homepage and this will take you to the login page. You will see a “forgot password” link under where you enter your login details. Click on “forgot password” and an email will be sent to your email address in order to reset your password.
NITDA Academy provides free access to self-enroll courses and free access and training for instructor led courses offered by our top industry partners such as Cisco and Huawei etc. However, industry certification exam vouchers are not free.
Different courses have different durations based on content and difficulty level.
Yes. However, other conditions may apply such as assessment and examinations
The choice is yours whether to enroll for another course or an advance component of the course.
There are two ways to register a .GOV.NG domain name as provided for on NITDA website https://nitda.comepower.com.ng/gov-ng-domain-registration. You can either send a written application to National Information Technology Development Agency (NITDA) or Nigeria internet Registration Association (NiRA) through any of the accredited registrars. See https://www.nira.org.ng/accredited-registrars for the list of accredited registrars and you may contact them.
All websites/portal of government constituents at all levels (Federal, State and Local governments) or specialized projects of government that would last for 18 months or more are required to register on .GOV.NG zone.
Currently, NITDA charges no fee for .GOV.NG domain name registration and update. However, if a .GOV.NG domain name is registered through a NiRA accredited registrar, it is expected that the registrar would charge a consultancy fee. The charged fee varies from one registrar to another.
No. This is not possible. The information is needed to populate the registry at the time of creating the domain.
The admin contact must be a member of staff of the institution/MDA while the technical contact can either be a member of staff of the MDA or a consultant to the institution/MDA where a technical staff is not available.
To update registration information through NITDA, an authorization letter containing the information to be updated should be communicated to NITDA through the email firstname.lastname@example.org The letter should be signed by the most senior officer and must include the contact phone number for verification.
Domains are in levels. For example nitda.gov.ng is a third label domain while judiciary.kn.gov.ng is a fourth level domain. While Federal MDAs only, are allowed to be on third level domain, agencies of state government and local government must be on the forth level and the zone of their states. Available zones are ab.gov.ng ad.gov.ng ak.gov.ng an.gov.ng be.gov.ng bo.gov.ng bu.gov.ng by.gov.ng cr.gov.ng dl.gov.ng eb.gov.ng ed.gov.ng ek.gov.ng en.gov.ng gm.gov.ng im.gov.ng jg.gov.ng kb.gov.ng kd.gov.ng kg.gov.ng kn.gov.ng kt.gov.ng kw.gov.ng lg.gov.ng na.gov.ng ni.gov.ng og.gov.ng on.gov.ng os.gov.ng oy.gov.ng pl.gov.ng rv.gov.ng sk.gov.ng tr.gov.ng yb.gov.ng zm.gov.ng abj.gov.ng
If all requirements are provided in the authorization letter and NITDA is able to verify the authenticity of the contents of the letter, the approval, registration and/or update is carried out within 24 hours.
.gov.ng domain names do not expire.
NITDA does not host domains. However, all government domains and websites are expected to be hosted locally and any violation of this will attract sanctions as stipulated in the Nigeria Data Protection Regulation.