‹ Back

The Nigeria Data Protection Act: What it

Means for PR & Communications Professionals

 

It is no longer news that President Bola Ahmed Tinubu just signed the Nigeria Data Protection Bill into Law. The Data Protection Act provides a legal framework for the protection of personal information and establishment of the Nigeria Data Protection Commission for the regulation of the processing of personal information, and for related matters.

 

 

 

 

This is giant stride which is coming after the Nigeria Data Protection Regulation (NDPR) was issued in 2019 by the National Information Technology Development Agency (NITDA), will give citizens the rights over their data. These rights allow them to ask you to do something, or stop doing something, with their personal data. It also allows a stakeholder to request that an organization should provide him or her with his or her personal data in the organization’s database and information on what the data is used for.

 

As interesting as this is, sole proprietors and organizations that process or manage stakeholders’ personal details to function need to be on their toes to ensure that their stakeholders’ personal data is secured and protected because failure to comply to the provision of the NDP Act can result in payment of compensations, fines or a sentence depending on the degree of the case and the judicial proceedings. (Sections 43 -48).

 

However, there is more to the Nigeria Data Protection Act for PR & Communications professionals/agencies and the organizations they represent. In the case of a personal data breach, the NDP bill that has now become an Act obligates data controllers to inform the commission, the data subject(s) and maybe (if communicating with the data subject is not feasible) “make a public communication in one or more widely used media sources” – Section 35.

With this, it is better organizations put in place measures to prevent any form of personal data breach because, - reputation in the mud.

 

But should it happen, how can one control the spread of such news to save the organizations’ reputation without flouting the law? What steps should the PR professionals and their organisations take to mitigate such situations and rebuild trust? These and many more need to be looked into and a proper crisis communication plan/strategy needs to be put in place.

Meanwhile, PR and Communications professionals/agencies can actually take data protection to their advantage to build trust for their organizations or clients.

 

In an era where privacy concerns are rampant and customers find it hard to trust organizations with their personal information - (You know how lenders/creditors [loan companies] give out their defaulting customers personal information to third parties without consent in a bid to recover their money or how a telemedicine platform/healthcare organization can mistakenly send a patients’ information to another person, or how organizations can collect and use clients or employees personal data without consent) -,  organizations especially startups can prioritize transparent communication to address privacy concerns and build trust with their existing and prospective customers.

 

Leveraging Data Protection in PR

Building credibility and maintaining positive relationships are part of the main objectives of public relations. PR professionals can leverage the Data Protection law to build trust, maintain a positive brand image and build relationships for their organizations.

Here are some tips to leverage the data protection act in your public relations (PR) activities:

 

1.     Understand the privacy needs of your target audience and be in the know.

To begin with, you need to understand your target audience privacy concerns and stay informed about relevant data protection regulations. Having the knowledge of your target audience privacy needs will help shape your communication strategies. This can be done by conducting research and analysis to identify their specific privacy concerns.

Similarly, staying updated with regulations will help you communicate your organization’s commitment to data protection in your PR efforts and also help your organization ensure compliance.

 

2.     Craft Clear Privacy Messaging

The Data Protection law gives data subjects the right to know how their data is collected and what it is used for. It also obligates the use for simple diction when crafting privacy policies and requesting customers' data.

“A request for consent shall be in clear, simple language, and accessible format.” - Section 21(6).

You need to work with your organization’s legal team, HR, IT, and other relevant departments to create transparent privacy policies by using clear and concise language that outlines how a customer’s data is collected, used, stored, and protected.  For example, Apple has been praised for its commitment to privacy by implementing features like App Tracking Transparency, which gives users control over app tracking and data sharing.

 

 

3.    Proactive Communication

Proactively provide accessible and prominently displayed privacy notices in your reception, waiting room or on your website. You can also utilize infographics to visually communicate your organization’s data privacy practices to your audience.

Also, if there are updates to the privacy policies, communicate the changes to ensure transparency and inform customers of their rights and choices.

You know how you feel when you open WhatsApp and you see the “messages and calls are end-to-end encrypted” notice at the center top of your chat, it gives you a sense of trust for the instant messaging platform right? That’s what proactively sharing your data protection measures to build trust looks like.

Issuing public statements about your organization’s data protection measures and practices, such as notice/announcement about encryption, employment of top cybersecurity or data protection experts, secure storage, compliance certifications e.g ISO, and employee training, without giving too much information that will compromise your data protection techniques, tools or software is a good way to instill confidence in your customers and build brand trust.

 

4.     Create Internal Communication Measures

There’s is no doubt that employees are a company’s best brand ambassador, right? Employees can help shape how your products and services are perceived. As a PR practitioner, there is a need to put in place internal communication strategies to inform employees about your organization’s data protection practices, the importance of data protection and the consequences of data breach. This can be done through your company’s intranet, in-house bulletin, emails etc. You can also work with top management excos and departments such as HR, IT, Security and Legal to instill a company culture that includes the privacy and protection of all stakeholders’ data.

 

5.     Educate and Empower Customers

PR professionals can develop educational materials and contents such as blog posts, videos, articles, webinars, social media posts that educate customers about data protection best practices and offer tips for them to protect their personal information just as banks send messages to their customers advising them not to share their BVN or Debit Card details to anyone.  You can demonstrate your organization’s commitment to ensuring data protection by creating data protection focused contents and offering them dedicated customer support contacts for privacy-related queries at the end of each content.

 

6.   Collaborate with Influencers and Advocates

Collaborate with influencers or experts in the data protection field to amplify your message and leverage their credibility to build trust with your audience. Your organization can also partner with privacy-focused organizations and advocacy groups to demonstrate your commitment to privacy and participate in industry-wide discussions on data protection.

 

7.    Be Compliant

After all, has been said and done, it is important that organizations are compliant and do not breach any of the data protection laws. Employees from top to bottom should be trained and retrained on data protection. It is worthy to note that Data protection is not the sole right of customers alone, it is for all including employees of an organisation. Organisations should therefore ensure that they respect and protect not just their customers’ data but also their employees, partners and in general their stakeholders’ personal data and are complaint to the NDP law.

 

Organizations can therefore leverage data protection in their PR efforts by addressing data privacy concerns through transparent communication and in turn build trust and credibility with their customers. Through clear privacy messaging, proactive communication, and customer education, businesses can establish themselves as trustworthy custodians of customer data, enhancing their reputation and fostering long-term relationships with their stakeholders.

 

What other ways do you think data protection can be used in PR? Feel free to share your thoughts in the comments.