Carry out periodic privacy compliance audit

Every organisation is required on a yearly basis to carry out an audit of its privacy program as a means of ensuring compliance with the requirements of the law. Where the organisation processes personal information in excess of 1000 individuals, a copy of the audit report is required to be filed with the Commission responsible for monitoring compliance with privacy and data protection laws in Nigeria. The compliance audit report (CAR) should provide the following information

  • An overview of the privacy program of the organisation for the year
  • Information on the nature and types of personal information processed by the organisation. 
  • basis for collection and use of personal information within the organisation
  • Security safeguards implemented to secure information.
  • Assistance and measures implemented to help data subjects exercise their privacy rights.
  • Breach monitoring and incident response process in place
  • Information on adoption of new information processing technology, and its impact on the privacy program within the organisation
Scroll to Top