May 24th, 2018

GDPR and Nigeria



Tomorrow, the EU’s General Data Protection Regulation (GDPR) comes into effect. I’m sure quite a few people have received emails from a few sources requesting for updates to your privacy policy so I thought to take a few minutes to discuss what GDPR is and what it means for brands and publishers in Nigeria.

 

So what is GDPR?

GDPR is a regulation passed in the EU in 2016 but comes into effect on the 25th May 2018. At the heart of GDPR is the belief that consumers have a right to privacy.

The thinking is that we must start from privacy first and as brands, businesses and publishers our aim should be to protect the right of the consumer.  For a lot of publishers, aggregators, ad tech companies, programmatic platforms, the focus appears to be on consent but the spirit behind GDPR is more an argument for transparency. Consumers need to know what data is being collected, where is it going and why. Consumers must have right to choose and control their own data.

 

So does GDPR affect you in Nigeria?

Though GDPR is largely going to affect tech giants like Facebook, Google, due to the law’s focus on the end consumer, it could affect a business or platform based in Nigeria.

For example, if a Nigerian brand or publisher (e.g. Guardian, Vanguard or Jiji) has visitors to its site from the EU, this regulation affects you. If you have data from previous campaigns that you utilize for marketing, if some users reside in the EU you are also affected by this, if you have cookies on your brand’s website (yes cookies are affected by GDPR), if any user to your website is from the EU, you are also affected.

 

What should you do?

If you haven’t done anything yet, I suspect it’s a bit late to work through the data and cost required to make the desired changes by tomorrow. That said, your tech team and key partners are a good place to start.

 

A few companies have denied access to EU customers until they can fully comply with the regulation to avoid fines and penalties but this really isn’t the spirit of the law. In this age of cookies, mobile, AI and more tech, data protection is a collective responsibility and if we (as an industry) don’t drive it through self regulation, it will be thrust upon us through government regulation.