The National Information Technology Development Agency (NITDA) has extended by three months, the time for filing of initial data audit report by data controllers and processors.
The Director General, NITDA, Dr. Isah Pantami said the Agency had series of consultations with various industry and government stakeholders on the implementation of the Nigeria Data Protection Regulation (NDPR).
“The overwhelming consensus of all stakeholder groups is that, the NDPR is an appropriate regulation that would help provide clarity for data controllers and processors on the rights of data subjects, basis of processing personal data and transfer of data outside Nigeria among others,” he said.
Appeal for extension
Dr Pantani noted that several Data Controllers had appealed for an extension of time to meet this obligation.
“Therefore, NITDA is hereby granting a three-month extension for the conduct of the initial audit report for every data Controller and Processor. This extension period would elapse on Friday 25th October, 2019.”
“This extension of time for the purpose of audit filing does not limit NITDA’s right to investigate and enforce other allegations of breach made against any Data Controller or Processor pursuant to the NDPR and the NITDA Act 2007,”Dr Pantami stated.
NITDA noted that stakeholders including other sector regulators, government, banks, industry groups, private sector players among many others, have shown tremendous willingness towards compliance with the NDPR.
Consequently, Article 4.1(5) of the NDPR requires Data Controllers to submit an initial audit report within six months of issuance of the Regulation which lapsed on July 25, 2019.