Nigeria

In terms of data protection, Nigeria Data Protection Act 2023 (NDPA) was signed into law on 12 June 2023 by the President of Nigeria. The Act creates the Nigerian Data Protection Commission to oversee and regulate the processing of personal data by entities. In addition, the Act also provides for the principles and legal basis for the processing of personal data. It provides a more systematic legal framework for the protection of personal data in Nigeria. HUAWEI CLOUD Nigeria Privacy Compliance Instruction shares Huawei Cloud's experience and best practices in privacy protection with you to help you comply with Nigeria privacy protection requirements.

The specific regulatory requirements that financial institutions need to comply with are as follows:

● Nigeria Financial Services Industry IT Standards Blueprint (Blueprint): CBN released the Nigeria Financial Services Industry IT Standards Blueprint in July 2019. This document encourages FIs in Nigeria to develop, grow and sustain competency in Information Technology. It hopes to achieve this by serving as a framework and guide for the use of and implementation of Information Technology and Information Technology (IT) Standards. The overall objective is to bring Nigerian Financial Institutions to an acceptable minimum level of process maturity, which will help drive sustainable growth, build resilience and improve customer experience.

● Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers (DBM and PSP Guidelines): An increase in the number and sophistication of threats targeting DMB and PSP in general led to the promulgation of the CBN’s DBM and PSP Guidelines. The guidelines, which came into effect on January 1, 2019 and was designed to provide guidance for DMB and PSP to implement network security programs, outline minimum requirements for enhancing the cybersecurity of banks and payment service providers so that they remain resilient and proactively seek to secure their critical information assets.

● Draft Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (Draft OFI Guidelines): CBN released the Draft Risk based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs) in Nigeria on August 13, 2021. The guidance outlines the minimum requirements that OFIs must adhere to when developing and implementing strategies, policies, procedures and related activities aimed at mitigating cyber risks.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in Nigeria describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in South Africa.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.