GDPR and Its Possible Impacts on Nigerian Businesses
The GDPR (General Data Protection Regulation) is now operative; it certainly is going to have its impact on the management of personal data by data controllers and processors, not just in Europe, but everywhere across the world.
Let’s discuss how the new regulation, because of its far-reaching provisions, could possibly impact Nigerian businesses. Let’s focus on the different aspects of this issue.
The GDPR stipulates that even if a business is not located in the European Union and processes personal data/information of people or in relation to goods/services offered within the European Union, it would have to comply with the provisions of the regulation. Thus, Nigerian businesses that process personal data of citizens or residents of the European Union would have to comply with the provisions of GDPR, even if they don’t have an office or even employees physically present in the European Union.
Nigerian businesses that would have to comply with the provisions of the GDPR include:
Those that target Europen Union citizens/residents via the internet.
Those that market using a language spoken in any European Union country.
Those that accept or agree to accept a currency used in any European Union country for the goods or services offered.
Those that appoint sakes agents in European Union countries.
Those that offer to ship goods to countries in the European Union.
Those that represent that have customers in the European Union or track/monitor people in the European Union to analyze spending patterns or online behavior.
To be noted is the fact that the GDPR would be applicable even if a business that has any of these characteristics doesn’t engage in a financial transaction.
Thus, when a business that has no physical presence within the European Union goes against the provisions of the GDPR, it would have to face the consequences. The representative of the business within the jurisdiction of the GDPR would have to face the action. The website or the service of the company may be blocked and if there is a sale or delivery of goods, the goods may be seized. Goods/services of the companies might be blocked and the company might have to face trade restrictions. Assets that the company has within the European Union might even get frozen. The company’s assets in other jurisdictions that recognize judgments of the European Union might also get frozen or seized.
Many Nigerian companies representing various sectors, including airlines, telecommunications, finance, e-commerce, travel and hospitality, logistics, digital advertising companies, software, application development etc would come under the purview of the GDPR.