The National Information Technology Development Agency (NITDA) in exercise of it's powers to develop regulations for electronic governance in Nigeria issued the Nigeria Data Protection Regulation in 2019. The main purpose of the regulation was to monitor electronic data interchange in government, commerce, education, public and private sectors and in other fields where use of electronic communication is needed.
Part Three of this said regulation provides for the rights of a data subject specifically. The rights of a data subject include;
1. Right to a clear, transparent information relating to processing of any personal data: This right means that the data controller has the duty to inform the data subject in a clear, concise and intelligible manner, the way and manner his/her personal data is to be processed. Most commercial websites have cookies embedded in them. Ordinarily, cookies are used by websites to keep track of your preferences but they also hold a host of your personal infos and data. In fact, some viruses can be disguised as cookies. What some of the websites do is to notify you of the existence of cookies on the website. It is now left for you to accept or reject them. The Data controller must also inform the data subject where he has the intention to process the personal data of him/her for a purpose other than that for which it was originally provided. It also imposes on the data controller the duty to inform the data subject the period for which personal data will be stored, the contact details and identity of the data controller and the purpose for the data processing.
2. Right to delete without delay: A data subject has the right to request that the data controller deletes his/her personal data. For instance, if you are running a savings account with a bank and you are probably fed up with their services, you have the right to demand that the account be closed and your personal data deleted. This is in exercise of your right to be forgotten.
3. Right to receive data provided by the data subject for onward transfer to another data controller: This is otherwise referred to as data portability. The custom practice is for most data controllers to transfer the personal data of a data subject directly to another data controller. For instance, transfer of transcripts. However, where you need to receive the data personally before onward transmission, you have the right to request for such.
4. Right to Rectification: A data subject has the right to correct certain errors in his personal data subject to some legal requirements. For instance, to request a change of name in an official document, you most likely need to swear to an affidavit, present newspaper publication showing the change of name before the name can be officially rectified. The forgoing is obviously to guard against impersonation. However, on your social media apps, you have the leverage the rectify your personal information, bio and profile as much as you want to.
5. Right to object to marketing: Some data controllers can be unscrupulous. They sell personal data they have gathered to another outfit without the consent of the data subject. Consequently, you receive so many unsolicited and spam messages. Be careful of websites in which you fill in your personal informations. As a data subject you have a right to object to marketing. Sometimes, network providers give you the option of sending "STOP". Once, you do so, the unsolicited marketing messages stops.
You can also read:BASICS ABOUT DATA PROTECTION IN NIGERIA
No comments:
Post a Comment