INTELLIGENT BRANDS // Cloud
The importance of GDPR
compliance for Nigerian businesses
/////////////////////////////
Adebayo Sanni, Oracle
Nigeria’s MD stresses that the
significance of GDPR isn’t only
for global companies, a small
start-up in downtown Lagos
serving a customer in Europe
isn’t exempt from compliance.
T
he deadline for compliance with the
General Data Protection Regulation
(GDPR) has come and gone. And while
it happened without too much fanfare in
Nigeria, companies that think they can ignore
the legislation and maintain a business as
usual approach are in for a rude awakening.
Any organisation (irrespective of its size,
industry or geographic location) that has
dealings with a company or people inside
the European Union (EU) must adhere to it.
Those not willing to do so face fines of either
€20 million or 4% of their global revenue.
For cloud providers that have customers
around the world, this is a significant piece
of regulation. However, even a small start-up
in downtown Lagos that provides a service to
a person living in France must be compliant.
Of course, the cloud provides many benefits
to organisations that are required to be
GDPR-compliant. Not only does it provide a
more secure platform, but the environment
is robust and continuously updated to reflect
the latest technology innovations.
Changing behaviour
At 68 pages with 99 separate areas of
focus, it is hardly surprising that many feel
intimidated by GDPR. For those providing
cloud or ‘as-a-service’ solutions, there are
66
INTELLIGENTCIO
Adebayo Sanni, Managing Director,
Oracle Nigeria
four key requirements to consider – data
security; rights of individuals; documentation
and security audits; and data breach
notifications. But even before one can delve
into the technical aspects of compliancy,
the reality is that many Nigerian businesses
need to change the way they view and use
data. Certainly, the situation is not unique
to the country with many others struggling
to adapt to a new way of capturing, storing,
using and sharing data.
Companies should carefully review whether
the information they collect about their
customers is necessary and, if it is, how
securely is it stored and protected from
external systems. An important aspect of
this is to make sure the language used in
data collection policies is written in a way
that the layperson can understand. So, no
more hiding behind legalese or difficult to
follow technical concepts. Already, there is a
groundswell of support to the mantra ‘your
data, your property.’ Nigerian businesses
must ensure they keep this in mind. This is
also where the critically important ‘right
to forget’ component of GDPR comes in.
A consumer can delete his or her profile at
a business with the personal information
needing to be wiped clear. Just consider the
impact this will have on social networks.
Local guidance
Fortunately, Nigeria has the Digital Rights
and Freedom Bill for companies to fall
back on. Even though it is still awaiting
presidential assent, the bill does provide
organisations with guidance on data
handling, collection and use in the country.
Furthermore, compliance is not something
that is done once and forgotten. Instead,
decision-makers need to continually
review and assess their data management
strategies and policies. The GDPR is an
ongoing concern that requires an integrated
approach to data. Fundamentally, local
companies do not have the luxury of using
disparate databases and systems any longer.
They must all be integrated, with the data
securely stored every step of the process. n
www.intelligentcio.com