Wanted: A Regime Of Regulated Digital Economy In Nigeria
6 min read
By Abiola Sanusi
According to the World Bank, the digital economy makes up more than 15% of the global GDP and has grown 2.5 times faster over the previous ten years than the GDP of the physical world. Nigeria’s digital economy started on October 17, 2019, when Ministry of communication was changed to the Ministry of Communications and Digital Economy. In the second quarter of 2022, ICT sector contributed 18.44% to Gross Domestic Product (GDP). The digital economy space has recorded over $4.4 billion investments according to the Director-General, National Information Technology Development Agency (NITDA), Kashifu Inuwa. The Ambassador of Israel to Nigeria, Michael Freeman disclosed his country’s readiness to partner with Nigeria towards creation of one million jobs through digital economy. This reflects the inherent potential of digital economy.
Globally, economies are harvesting benefits of digital economy. For instance, the forecast for 2025 anticipates UK’s GDP to increase by 2.8 percent due to tech investments. When it comes to the digital sector’s market value in the UK, one of the most relevant segments is IT, software, and computer services, valued at over 42 billion British pounds in 2021. In 2021, the U.S. digital economy contributed $3.70 trillion of their gross output. It injected 10.3 percentage into the U.S. gross domestic product (GDP) which is valued at $2.41 trillion. US now have 5.9 percent increase in their economy because of digital economy. More than 1.7 million employments in the UK are generated by their digital economy. In similar manner, more than 17 million jobs in the U.S. were generated by the internet-based commercial activities, this is 7 million more than four years ago. Some IT solutions driving digital economy in services space is Computerized Maintenance Management System (CMMS). In today’s ever changing and challenging market, manufacturers now seek an approach to adopt information technology to balance production needs with the ability to manage and measure customer experiences and expectations. Customer Relationship Management (CRM), being one of the famous software solutions, has now become a critical enabler of this manufacturing sectors’ strategies because CRM has demonstrated a strong capacity to deliver deep insights from both sales and production standpoint which can help manufactures manage their business data analytics to identify trends, learn more about customer priorities and inform future product and service offerings. There are several Fintech organizations upspringing in Nigerian and scaling global markets. There seems to be, or it is possible that there will be parallel proportionality of any potential cyber breaches to the growth of the tracks in a typical digital economy space if commensurate approaches are not proactively taken to secure IT and digital solutions which are lacking in our digital economy in quantum measure.
This new economy is now becoming national ‘bread and butter’ globally and it is necessary for government to roll out strategies, initiatives, polices and regulations to promote and protect this new ‘binary oil’. Cyber adversaries and state sponsored cyber crooks are relentless in eroding away the gains of digital economy globally. In the year 2022, nearly 1 billion emails were exposed in a single year, affecting 1 in 5 internet users. Data breaches cost businesses an average of $4.35 million. Around 236.1 million ransomware attacks occurred globally in the first half of 2022 alone.39% of UK businesses reported suffering a cyber-attack. 53.35 million US citizens were affected by cybercrime in the first half of 2022. Malware attacks increased by 358% compared to the previous year. These statistics are good indicators of why the Nigerian government must measure up in protecting our digital economy spaces.
EU recognizes that ICT drives the businesses in financial sectors, so it is rolling out Digital Operation Resilience Act (DORA) for protection of digital assets and information systems in financial industry. DORA is set out to protect, detect, contain, recover, and repair any anomalies against ICT-related incidents. DORA simply refers to ICT risk, ICT risk-management approaches, incident reporting, operational resilience, business continuity and ICT third-party risk monitoring. This Regulation reckons that ICT related incidents and a lack of operational resilience can possibly jeopardies the sanity of the entire financial system, even if there is “adequate” capital for the traditional risk categories. In demonstrating the union’s commitment to the protection of digital economy in financial services, entities found to be in violation of the Act’s requirements may be mandated to pay fines of up to 2% of their total annual worldwide turnover or, in the case of an individual, a maximum fine of EUR 1,000,000.
In May 2018, Global Data Protection Regulation (GDPR) was launched in EU. The regulation came with several articles and recitals. The big deal is the power arrogated to the ‘Subjects’ by the regulation. A subject in GDPR is the natural persons who owns the Personal Identifiable Information (PII) that the ‘Controllers’ collect while delivering businesses and services to the Subjects. The ‘Processors’ work in partnership with the controller in delivering the digital business or services to the Subjects. In similar manner, in January 2019, Nigeria; through NITDA, released her own version of data protection regulation called Nigeria Data Protection regulation (NDPR). These two territorial regulations have provision for fines for the Controllers or Processors who violate any article of these regulations. Facebook’s owner, Meta, was fined a record €1.2bn (£1bn) and compelled to put on hold the transfer of Subjects’ PII from the EU to the US. The fine; an equivalence of $1.3bn was imposed by Ireland’s Data Protection Commission (DPC), being the regulator supervising Meta’s operations across the EU. This was a record for a data breach of the bloc’s General Data Protection Regulation (GDPR). In a similar circumstance, French Data Protection Authority fined Google LLC of a sum around €50 million. The Authority acted as the region regulator under the EU General Data Protection Regulation (the “GDPR”). Google LLC was found guilty of lack of transparency and failure to obtain consent for ad targeting.
Article 37 of the GDPR stipulates that organizations must have data protection officer (DPO) because organization’s core activities require “regular and systematic monitoring” of personal data on a “large scale.” Article 39 of the GDPR requires a DPO to monitor an organization’s compliance with the GDPR and its own internal policies to ensure the proper care and use of personal data. To do so, DPOs must be a member of organization workforce. GDPR is claimed to be responsible for the creation of 28,000 jobs in the UK (as far back as 2018) and 75,000 DPO positions in the entire EU. The big players in tech and social media giants especially, have redefined their business model and approaches since the emergence of GDPR and since when some of them experienced imposition of fines.
The NDPR compliance framework set up by NITDA requires the services of private organizations to become Data Privacy Compliance Organization (DPCOs). DPCOs are licensed under the Nigeria Data Protection Regulation (NDPR) to provide compliance services and guide their clients whether in the public or private sectors to adhere to privacy guidelines under the NDPR. This framework is supposed to be a multi-billion dollars industry if the DPCOs had annexed the inherent potentials in their new industry. This could have been an added boost to the growth of Nigeria Digital Economy as GDPR has been to the digital economy of EU nations. Another upcoming booster for the advancement of digital economy of EU nations is DORA. Regulations have and will improve efforts towards ICT risk-management approaches, incident reporting, operational resilience, business continuity and ICT third-party risk monitoring, threat intelligence, vulnerabilities managements and so many more. Putting Processes, People and Technology (PPT) in place to ensure conformity to these regulations have undisputable potential on increasing demand for PPT and consequently advising digital economy and creating employment. Regulations will not only demonstrate capacity to strengthen nation’s information security postures but will also contribute to the growth of digital economy.
This is a call to the federal government to consider sponsoring bills for the enactment of regulations to manage specific tracks in digital economy such as transportation information management systems; delivery business, ecommerce sectors, manufacturing industries, Fintech, financial institutions, educational services, production services driven by cyber physical systems, insurance services, exportation and importation services and many more.
- Sanusi, a first degree holder in electronics & computer engineering, a Certified Ethical Hacker (CEH) and ISO 27001 lead implementer, sent this from Lagos, South-West Nigeria.
References;
https://www.digital-operational-resilience-act.com/
https://medium.com/golden-data/case-study-googles-50-milliion-gdpr-fine-5e43946793c2
https://www.imperva.com/blog/gdpr-job-market/
