The Independent National Electoral Commission (INEC) has sought clarification and sensitization on data protection from the Nigeria Data Protection Commission (NDPC). This request was made during an interactive meeting between INEC and NDPC at the INEC headquarters.
The meeting aimed to ensure the proper protection of the personal data of Nigerian citizens in INEC’s database. The goal is adequate safeguards for citizens’ and voters’ personal data in support of credible elections.
The National Commissioner/CEO of NDPC, Dr. Vincent Olatunji, commended the Chairman of INEC, Prof. Mahmood Yakubu, for his willingness to implement measures to protect the personal data of Nigerian citizens and to comply with the Nigeria Data Protection Act.
“All of us are data subjects; INEC is a data controller. We must process data within the laws provided in the Nigeria Data Protection Act.
“Any data leakage here can lead to a lot of issues, with INEC being a data controller of major importance in Nigeria.”
The Chairman of INEC appreciated Dr. Olatunji, emphasizing the importance of data protection. He noted that INEC stores the largest citizen database in Africa, with 93 million records from the last election.
“We have the most sensitive records of citizens, from their fingerprints and facial biometrics, across the executive, legislative, and judicial branches, male and female, young and old. It is better to start sensitization now before it’s too late.”
He stressed the necessity for INEC to gain clarity on data protection to ensure compliance and informed practices.
Dr. Olatunji emphasized the importance of data protection and the consequences of inadequate measures, especially for INEC as a data controller of major importance.
He highlighted the potential consequences of non-compliance, including reputational damage, financial loss, and even death in extreme cases.
He also spoke about the penalties for non-compliance: “It ranges between 10 million naira and 2 percent of your gross earnings. The CEO can even go to jail, which is why it is better for everybody to obey the law.”
He outlined what INEC is required to do in the area of compliance, including having a privacy policy, appointing a Data Protection Officer (DPO) at the headquarters and state levels, and engaging a Data Protection Compliance Organisation (DPCO), among other measures.
He added that the NDPC will conduct free training for INEC staff members and appointed DPOs, as anyone can be the weakest link in data breaches.
Other areas discussed included awareness, the level of a prospective DPO, policies, and cyber-attacks, among others. An implementation committee consisting of staff from both NDPC and INEC was immediately set up to implement data protection and privacy measures to guarantee trust and confidence in INEC’s data processing activities.