Nigerian Health Data Protection Guide

This provides a checklist for Data Protection by Nigerian Companies, specifically the health sector

Uploaded by

rukayya umar

Data Protection in the Nigerian Health Sector

All data must be handled in the manner prescribed by the Nigerian Data Protection Act
(NDPA) 2023 and in accordance with the Nigerian Data Protection Regulation (NDPR) 2019.
The National Health Act 2014 imposes a duty of confidentiality on the health sector;
therefore, where there is a need to process or use such data, the relevant laws must be
complied with. The NDPA and NDPR provide that all data collected by data controllers on
data subjects must be handled in the following manner:

1. All data of Users of the platform shall be handled according to the provisions of the Act.
Data Controllers or Processors are to register with the Nigerian Data Protection
Commission.
2. Obtain explicit consent from users before collecting and processing their personal
health data. Parental consent must be sought before processing the data of a child.
3. All data controllers and data administrators must comply with the NDPR;
therefore, the Company must:

a. Conduct a Data Protection Audit annually.
b. Process data on a legally justifiable basis.
c. Have a Privacy Policy on the platform within 3 months of commencing
business and publicise such fact (that their data would be processed) to
users.
d. Make sure systems are data compliant.
e. Undertake capacity building for staff, vendors, contractors & related 3rd
parties.
f. Develop and circulate internal data protection strategy or policy.
g. Conduct data protection impact assessment (DPIA).
h. Notify NITDA of personal data breach within 72 hours of becoming aware of
such breach.
i. Ensure all Agreements comply with the NDPR.
j. Design Systems to make data request, access, correction, update, and
transfer seamless.
k. Train members of senior management, and employees that collect data, on the
Nigerian Data Protection laws and practices on a biannual basis.
l. Communicate to Data Subjects the process of objecting to the processing of
their personal data and the procedure for informing them when automated
decisions are made on their personal data.
m. The Company should have a data protection officer.

Best practices to be adopted by Companies
- Establish a robust data encryption and access control framework.
- Ensure you obtain explicit user consent for data collection and usage.
- Carry out security audits and risk assessments regularly.
- Establish clear policies for data retention and deletion.
- Ensure transparency when handling and sharing data of patients.
- Register with the National Information Technology Development Agency (NITDA) as a
data controller.
