NDPR Compliance
Nigeria Data Protection Regulation Compliance Statement
Ygrene Technologies Limited is committed to protecting the privacy and personal data of our clients, partners, and stakeholders in accordance with the Nigeria Data Protection Regulation (NDPR) 2019, as issued by the National Information Technology Development Agency (NITDA).
This compliance statement outlines our commitment to data protection principles and the measures we have implemented to ensure full compliance with the NDPR.
Data Protection Framework
Comprehensive policies and procedures aligned with NDPR requirements for lawful, fair, and transparent data processing.
Security Measures
Industry-standard technical and organizational measures to protect personal data from unauthorized access, loss, or destruction.
Data Subject Rights
Mechanisms to ensure individuals can exercise their rights to access, rectify, erase, and port their personal data.
Lawful Processing
Clear legal basis for all data processing activities with proper consent management and documentation.
Data Protection Officer
Designated DPO responsible for monitoring compliance and serving as point of contact with NITDA.
Breach Notification
Established procedures for detecting, investigating, and reporting data breaches within required timeframes.
1. NDPR Principles
We adhere to all seven principles of data protection as outlined in the NDPR:
2. Legal Basis for Data Processing
We process personal data based on the following lawful grounds:
- Consent: Explicit consent obtained from data subjects for specific processing activities
- Contract: Processing necessary for contractual obligations with clients and partners
- Legal Obligation: Compliance with Nigerian laws and regulations
- Legitimate Interests: Processing necessary for our legitimate business interests, balanced against individual rights
3. Data Subject Rights
Under the NDPR, individuals have the following rights regarding their personal data:
Right to Access
Request confirmation of whether we process your personal data and obtain a copy of such data.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data under certain circumstances.
Right to Data Portability
Receive your personal data in a structured, commonly used format and transfer it to another data controller.
Right to Object
Object to processing of your personal data for direct marketing or other legitimate interests.
Right to Restrict Processing
Request limitation on how we process your personal data in specific situations.
4. Security Measures
We implement robust technical and organizational security measures including:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security assessments and vulnerability testing
- Employee training on data protection and security
- Incident response and data breach notification procedures
- Regular backups and disaster recovery plans
- Vendor management and third-party security assessments
5. Data Protection Audit
In compliance with Section 2.12 of the NDPR, we conduct regular data protection audits to ensure ongoing compliance. Our audit program includes:
- Annual comprehensive data protection compliance audits
- Regular reviews of data processing activities
- Assessment of technical and organizational security measures
- Evaluation of data subject rights request handling
- Review of third-party data processor agreements
6. Data Protection Officer (DPO)
We have appointed a Data Protection Officer responsible for:
- Monitoring compliance with the NDPR and our data protection policies
- Serving as the point of contact with NITDA and data subjects
- Conducting data protection impact assessments
- Providing advice on data protection matters
- Training staff on data protection requirements
7. Data Breach Management
We have established procedures to:
- Detect and assess potential data breaches promptly
- Notify NITDA within 72 hours of becoming aware of a breach
- Notify affected data subjects without undue delay when required
- Document all data breaches and remedial actions taken
- Implement corrective measures to prevent future breaches
8. International Data Transfers
When transferring personal data outside Nigeria, we ensure adequate protection through:
- Verification that the destination country has adequate data protection laws
- Implementation of appropriate safeguards such as standard contractual clauses
- Obtaining explicit consent when required
- Conducting transfer impact assessments
9. Third-Party Data Processors
We carefully select and manage third-party service providers who process personal data on our behalf. All data processors are required to:
- Sign comprehensive data processing agreements
- Implement appropriate security measures
- Process data only on our documented instructions
- Maintain confidentiality of personal data
- Assist with data subject rights requests and breach notifications
10. Contact Our DPO
For any questions about our NDPR compliance or to exercise your data protection rights, please contact our Data Protection Officer:
Data Protection Officer
Ygrene Technologies Limited
No. 12 Ebitu Ukiwe Street
Jabi District, Abuja, FCT, Nigeria
Email: contactus@ygrenetechnologies.com
Phone: +234 818 188 8882
11. Regulatory Authority
The NDPR is regulated by the National Information Technology Development Agency (NITDA). If you have concerns about our data protection practices, you have the right to lodge a complaint with NITDA:
National Information Technology Development Agency (NITDA)
28 Port Harcourt Crescent
Off Gimbiya Street, Area 11
Garki, Abuja, Nigeria
Website: nitda.gov.ng