Only months after celebrating 10million users, fintech startup, PalmPay has obtained a compliance status from the Nigeria Data Protection Regulation (NDPR) for implementing all statutory requirements.
With the significant rise in the use of payment platforms in Nigeria, the use of information raises serious concerns about data privacy and protection.
To address this, The National Information Technology Development Agency (NITDA) Act of 2007 formed the statutory regulation for electronic governance and monitoring of the use of information technology and electronic data. In addition to the act and concerns about personal data privacy and protection, as well as the serious consequences of leaving personal data processing unregulated, NITDA issued the Nigeria Data Protection Regulation (NDPR).
The NDPR makes provisions for the rights of data subjects, the obligations of data controllers and data processors, transfer of data to a foreign territory amongst others.
As a data controller, PalmPay engaged a Data Protection Compliance Organization (DPCO) licensed by NITDA, to perform a data protection audit. The DPCO has reviewed PalmPay’s ability to provide secure financial information, personnel data and information entrusted to third parties. Being NDPR compliant indicates that PalmPay meets the high requirements of information security.
According to the Managing Director of PalmPay, Chika Nwosu, “Data protection in the payments industry today is more important than ever, where the use of digital payments is rapidly increasing, and transfers between individuals have significantly changed. Personal activities or individual behaviours may be tracked using the associated data. The security and safety of funds and data will continue to be priority for PalmPay.”
Nwosu adds, “Customer first is one of our core values, and an NDPR compliance status demonstrates how serious we are about it. We remain committed to improving data protection to meet our privacy responsibilities to our users, and merchants.”