## Understanding the Scope

NDPR applies to any organization that processes personal data of Nigerian citizens, regardless of where the organization is based. This includes:
– Customer data
– Employee data
– Vendor/partner data

## The Six Principles

1. **Lawfulness, Fairness, Transparency**: Clear legal basis for processing
2. **Purpose Limitation**: Data used only for stated purposes
3. **Data Minimization**: Collect only what you need
4. **Accuracy**: Keep data current and correct
5. **Storage Limitation**: Don’t keep data longer than necessary
6. **Security**: Appropriate technical and organizational measures

## Practical Steps

**Conduct a Data Audit**: You can’t protect what you don’t know you have. Map all personal data flows.

**Update Privacy Notices**: Ensure they’re clear, comprehensive, and accessible.

**Implement Consent Mechanisms**: For data that requires consent, make it explicit and documented.

**Establish Data Subject Rights Procedures**: People have the right to access, correct, and delete their data.

**Train Your People**: Security is only as strong as your least informed employee.

**Document Everything**: When the regulator asks, you need evidence of compliance.

## Common Pitfalls

– Treating compliance as a one-time project rather than ongoing program
– Focusing only on customer data while ignoring employee data
– Assuming cloud providers handle all compliance requirements

The post The CISO’s Guide to NDPR Compliance appeared first on Descasio.