Share with others

Data Privacy Rights

In July 2020, there was a breach termed the “largest data breach ever recorded”. Over 271 million records of Wattpad users were leaked on the dark web; this breach contained 268 unique email addresses. Big deal? Definitely! The database contained usernames, password hashes, Facebook IDs, phone numbers, email addresses, and every detail you could think of having been collected by the company, including IP addresses and locations.

Data privacy is the protection of your data from those who should not have access to it. It also entails being able to decide how your data will be used. Why is data privacy of utmost importance? Well, your data is valuable! You might not understand how much, but those little details about you that seem insignificant are valuable, and that is why your data privacy is important. Take this Wattpad breach, for instance. Users of this application have their data on the dark web and can be victims of identity theft, spear phishing, email hacking, and for those who repeat passwords across all websites and devices, threat actors can use this opportunity to commit fraud with their details. Family members of victims can also be scammed because of this leaked data. 

Your data online and offline is called Personally Identifiable Information (PII). Your PII includes your full name, date of birth, state of origin, house address, postal address, billing address, national identification number, bank verification number, email address, phone numbers, and every detail that is a means of identifying you. These are the details that need to be kept private.

In Nigeria, the NITDA (National Information Technology Development Agency) has standards and regulations relating to data protection and privacy, and every company, organization, or business has a policy that complies with that standard. They call it NDPR. 

The Nigeria Data Protection Regulation 2019 addresses important data issues.

Data collection

Before your data can be collected, your consent as an individual is needed. Your data should not be collected if your consent is not given. The specific purpose for collecting the data has to be explicitly stated before you give your consent.

Data processing

Your collected data can only be processed in the agreed way. Of course, there are exemptions, especially on issues bothering national security. The whole point is that your data privacy is not infringed upon without your permission. You have the right to object to the processing of your data if they want to use it for marketing purposes.

Data storage

Anyone collecting your data has the duty to store your data properly. Your data can only be stored for the duration it is needed for. 

Data security

Whether in transit, processing, or storage, your data should be secure. No leaks, and no loss of your data. As a result, anyone who handles your data has a responsibility to install firewalls and use encryption to ensure the security of your data. Policies should also address the secure handling of your data.


As much as you have to give your consent and anything can be done with your data with your consent, it is also important to note that your consent can be withdrawn. Yes! You have the right to withdraw your consent, although processes done with your data before your consent is withdrawn are legal. Your consent should be gotten without fraud or coercion.

Every individual has the right to data privacy. Your data is important and should be given the treatment it deserves. Every company or organization that you give your consent to has the obligation and duty to make sure that your data is handled with care. Not complying with the data protection regulations and then having a breach has penalties in Nigeria, which are usually in the form of paying fines. 

With the understanding of just how valuable your data is, what should you do from henceforth?

STOP! Stop filling out those forms on every website you visit. They are not all compulsory. Stop treating your data carelessly. Stop jumping on every giveaway post with your life’s details, c’mon! 

Read! Read those privacy agreements before you tick the “I agree” box. You can choose not to use a service or an application just because their agreement and data privacy clause are not explicit enough. 

Enable Multi-Factor Authentication or Two-Factor Authentication (MFA or 2FA). This step is for your own personal safety. I mean, what happens when organizations you trust are careless with your data and then your data is leaked online and a threat actor is trying to log into your email account, social media accounts, or worse, your bank accounts? This is where the MFA comes in to provide a layer of protection so your data will not be exploited.

The tech giant, Google now has new options for removing your Personally Identifiable Information from searches when you make the request, this is a commitment to privacy and online safety on the part of Google. Data Privacy Is Your Right… Know it. Protect it! 

Meet Our Research Analyst:

Presence Secure

Ruth Fatayo is a Research Analyst at Presence Secure. She is a 400L Cyber Security student at the Federal University of Technology, Akure. Connect with Ruth via LinkedIn.  Email: [email protected]


  1. I enjoy what you guys tend to be up too. This sort of clever work and reporting!
    Keep up the excellent works guys I’ve incorporated you guys to our blogroll.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top