If your business has a website, an app, or even just a social media page, you are collecting data. From contact forms and newsletter sign-ups to e-commerce checkouts, online data collection is the engine of modern business in Nigeria. But with this power comes great responsibility, defined by the Nigeria Data Protection Act (NDPA) 2023.

Collecting data without following the rules isn't just risky; it can lead to heavy fines and a loss of customer trust. So, how can you collect the data you need to grow your business while staying compliant? Here are five practical steps.

1. The Golden Rule: Get Valid Consent

Before you collect a single piece of personal information, you must have a lawful reason. For most online activities, that reason is consent.

Under the NDPA, consent must be:

• Freely Given: You cannot force or trick someone into giving consent.

• Specific: They must know exactly what they are consenting to (e.g., "I consent to receive marketing newsletters").

• Informed: You must provide enough information for them to make a real choice.

• Unambiguous: It must be a clear, positive action, like ticking a box. Pre-ticked boxes are not allowed.

Action Tip: On your forms, use a clear, unticked checkbox next to a statement like, "I agree to the terms and consent to my data being processed as described in the [link to Privacy Policy]."

2. Be Transparent: Your Privacy Policy is Non-Negotiable

Your privacy policy is your promise to your users. It’s where you explain how you handle their data. The NDPA requires this policy to be easy to find and understand.

It must clearly state:

• Who you are and how to contact you.

• What data you are collecting.

• The specific purpose for collecting it.

• How long you will store the data.

• If you share the data with any third parties.

• How users can exercise their rights (like accessing or deleting their data).

Action Tip: Place a link to your Privacy Policy in your website's footer and on every form where you collect data.

3. Practice Data Minimization: Collect Only What You Need

The NDPA requires you to collect only the data that is absolutely necessary for your stated purpose. Don't ask for a user's date of birth and phone number if all you need is their email address for a newsletter.

Collecting extra data increases your risk and responsibility. If you don't need it, don't collect it.

Action Tip: Review every field on your online forms. For each one, ask, "Is this information essential to provide this specific service right now?" If the answer is no, remove it.

4. Secure Everything: Protect the Data You Collect

Once you've collected data, you have a legal duty to protect it. This isn't just about preventing hackers; it's about having a secure infrastructure for storing and managing that data.

This is where your technology partner plays a crucial role. A secure platform like Walla is built with compliance in mind.

• Secure Storage: The NDPA has rules about data sovereignty. Walla helps you store Nigerian data locally on secure servers, helping you meet residency requirements effortlessly.

• Access Control: Not everyone in your company needs to see customer data. Walla’s granular access controls ensure that only authorized personnel can view or process sensitive information, reducing the risk of internal breaches.

• Data Protection by Design: When using data for testing or analytics, you must still protect it. Walla’s data masking feature allows you to anonymize personal details, ensuring you can work with data without exposing individuals' privacy.

Action Tip: Ensure your website uses HTTPS (the padlock icon in the browser). For storage and management, partner with a platform like Walla that offers end-to-end security and compliance features.

5. Respect User Rights

The NDPA gives Nigerians several rights over their data, including the right to access it, correct it, and request its deletion. Your business must have a clear and simple process for users to make these requests.

Action Tip: Create a dedicated email address (e.g., privacy@yourcompany.ng) and a simple procedure for handling data subject requests promptly.

Conclusion

Compliance with the NDPA isn't a one-time task; it's a commitment to respecting your customers' privacy. By getting valid consent, being transparent, minimizing data collection, and securing everything with a trusted partner like Walla, you can build a business that is not only compliant but also worthy of your customers' trust.

Nigerian Pidgin English

How Your Bizness Go Follow Nigeria Data Protection Law When You Dey Collect Data Online

If your bizness get website, app, or even social media page, e mean say you dey collect data. From contact form and newsletter sign-up to when person buy something online, na online data be di engine wey dey move modern bizness for Nigeria. But as dis power dey, na so big responsibility follow am, and na di Nigeria Data Protection Act (NDPA) 2023 talk am.

To dey collect data anyhow without following di rules no be joke; e fit lead to heavy fine and your customers no go trust you again. So, how you fit collect di data wey you need to grow your bizness and still dey compliant? See five practical steps here.

1. Di Number One Rule: Get Proper Consent

Before you collect even one single personal information, you must to get good reason wey law back. For most online things, that reason na consent.

Under NDPA, consent must to be:

• Dem Give Am Freely: You no fit force or scope person to give you consent.

• E Get Wetin E Target: Dem must to know exactly wetin dem dey agree to (e.g., "I agree to receive marketing newsletter").

• Dem Know Wetin Dem Dey Do: You must give dem enough information so dem go fit make real choice.

• E Clear: Na something wey person go do, like to tick box. Dem no allow pre-ticked box.

Action Tip: For your forms, use clear box wey dem never tick, put am beside word like, "I gree to di terms and I consent make dem process my data as e dey inside di [link to Privacy Policy]."

2. No Hide Anything: Your Privacy Policy Na Must

Your privacy policy na your promise to your users. Na there you go explain how you dey handle their data. Di NDPA talk say dis policy must to dey easy to find and understand.

E must talk clearly say:

• Who you be and how person fit contact you.

• Which data you dey collect.

• Di special reason why you dey collect am.

• How long you go keep di data.

• If you dey share am with other people.

• How users fit use their rights (like to see or delete their data).

Action Tip: Put link to your Privacy Policy for your website footer and for every form wey you dey use collect data.

3. Practice Data Minimization: Collect Only Wetin You Need

Di NDPA talk say make you collect only di data wey you really need for di reason wey you talk. No dey ask for person birthday and phone number if na only email you need for newsletter.

To dey collect extra data dey increase your risk and your responsibility. If you no need am, no collect am.

Action Tip: Check every field for your online forms. For each one, ask yourself, "I really need dis information to give dis particular service right now?" If di answer na no, comot am.

4. Lock Am Well-Well: Protect di Data Wey You Collect

Once you don collect data, na your duty by law to protect am. Dis one no be just to stop hackers; e mean say you must get secure place to store and manage dat data.

Na here your technology partner matter well-well. Secure platform like Walla, dem build am with compliance for mind.

• Secure Storage: Di NDPA get rules about where data suppose dey. Walla go help you store Nigerian data locally inside secure servers, wey go make you meet residency requirement sharp sharp.

• Control Access: No be everybody for your company suppose dey see customer data. Walla special access control go make sure say na only people wey get power fit see or process sensitive information. E go reduce risk of magomago from inside.

• Data Protection by Design: Even when you dey use data for test, you must still protect am. Walla data masking feature go allow you hide personal details, so you fit work with di data without exposing person privacy.

Action Tip: Make sure say your website dey use HTTPS (dat padlock sign for browser). For storage and management, partner with platform like Walla wey offer security and compliance from top to bottom.

5. Respect User Rights

Di NDPA give Nigerians different rights over their data, including di right to see am, correct am, and ask make you delete am. Your bizness must to get clear and simple process for users to make these requests.

Action Tip: Create special email (like privacy@yourcompany.ng) and simple way to handle people request on time.

Conclusion

To comply with NDPA no be one-time work; na promise to dey respect your customers' privacy. If you get proper consent, you no hide anything, you collect only wetin you need, and you secure everything with trusted partner like Walla, you go build bizness wey no only dey compliant, but wey your customers go trust well-well.