In a digitalized world in which data is playing an increasingly important role, the rights of individuals must be safeguarded and protected from the interests of the pri-vate sector and governments. Data protection means:
• that everyone can decide on the use of his/her data,
• his/her privacy is respected, and
• everyone is protected against misuse of data.
The right to data protection
Data protection is about protecting all information relating to an individual. The right to the protection of personal data has been enshrined in Article 8 of the European Charter of Fundamental Rights. Worldwide, there is more and more legislation on data protection. Many of these laws are influenced by the European General Data Protection Regulation (GDPR), which is considered the gold standard in data protec-tion law.
Data protection and protection of privacy internationally
The United Nations Conference on Trade and Development (UNCTAD) has compiled an overview map showing the state of data protection and privacy legislation world-wide. According to this, 137 out of 194 countries worldwide have adopted legislation to protect data and privacy. In Africa and Asia, the share is around 60 percent, in the least developed countries 48 percent.
Despite the increasing number of data protection laws, a lack of data security and data protection, as well as a low understanding of the risks of data misuse in many countries, still represent a major hurdle to ensure a sustainable and human-centered digital transformation. Therefore, the support of partner countries in the consulta-tion and implementation of regulations and digital policy framework conditions should be further expanded.
This article presents data protection regulations and their focal points: the General Data Protection Regulation (GDPR) of the EU and the national regulation of Nigeria.
EU: General Data Protection Regulation (GDPR)
In April 2016, the European Union (EU) adopted a new legal framework – the General Data Protection Regulation (GDPR), from May 2018 it applies without restriction and obliges every company operating in the EU to data protection. The GDPR is the world’s most comprehensive regulation on data protection.
The objectives of the GDPR are the protection of personal data and the free move-ment of data within the EU. The basic regulatory approach of the GDPR is that all da-ta processing is in principle prohibited, unless it is permitted on the basis of a permission. It requires organisations to respect the fundamental rights and free-doms of natural persons, in particular their right to the protection of personal data (Art. 1 GDPR). When processing data, the focus is on transparency, lawfulness, fair-ness, purpose limitation, data minimisation, accuracy, storage limitation, integri-ty and confidentiality (Art. 5 GDPR). In addition, bodies that process, collect or use personal data must implement technical and organisational measures to ensure data protection and security (Art. 32 GDPR).
Affected persons are granted extensive rights such as a right to information (Art. 15 GDPR), a right to erasure (Art. 17 GDPR) and a right to rectification (Art. 16 GDPR) of their personal data. In the event of violations, considerable fines (of up to EUR 20 million or up to 4 percent of a company’s previous year’s turnover) are imposed.
Nigeria: The Nigerian Data Protection Regulation (NDPR)
In Nigeria, data protection is a constitutional right based on section 37 of the Constitution of the Federal Republic of Nigeria of 1999. The Nigerian Data Protection Regulation (NDPR) was adopted in 2019.
The NDPR was introduced in particular to control the persons who have access to citizens’ data. Before the introduction of the NDPR, there were only insufficient pro-visions in a few laws to protect information or data from unlawful use.
Objectives of the Regulation
The NDPR aims to:
• protect the rights of natural persons to data protection,
• promote secure behaviour in transactions involving the exchange of personal data,
• prevent the manipulation of personal data and
• ensure that Nigerian companies remain competitive in international trade
NDPR vs GDPR
The Nigerian Data Protection Regulation (NDPR) was inspired by the European Un-ion’s General Data Protection Regulation (GDPR). From title to content, the NDPR reflects its European counterpart in all key respects.
Both regulations aim to ensure strong protection for individuals in relation to their personal data and apply to companies that process personal data, regardless of whether the information is collected online or offline.