The Nigeria Data Protection Commission (NDPC) said the Central Bank of Nigeria (CBN’s) new directive to banks to obtain social media handles of their customers as part of enhanced Customer Due Diligence (CDD) regulations is against the law.
The commission said it is already engaging with the apex bank on the issue because there are basic principles to be met when you want to collect citizens’ data.
According to a statement issued by the commission’s Head of Media, Mr. Itunu Dosekun, on Thursday in Abuja, this was made known by the National Commissioner of NDPC, Dr. Vincent Olatunji.
Olatunji pointed out that before the establishment of the Nigerian Data Protection Act (NDPA), on June 12, indiscriminate collection of citizens’ data by Data Controller Organisations was not taken seriously.
He explained that there were prerequisite steps any Data Controller must take before collecting data from data subjects, adding that any organization that defaulted was going against the law and causing a data breach, which would attract a fine.
The NDPC boss said, “There are provisions in the law to go against any data controller be it private or government office, NGOs, hotels, because we are pro-citizens.
“The whole idea of this law is to protect the rights, the interests of Nigerians who are data subjects. We are already engaging with the CBN to let them know that what they have done is against the law because there are basic principles you must meet when you want to collect citizens’ data.