Experts Advise African Firms Processing EU Personal Data

By Dipo Olowookere

A piece of advice has been given to organisations in Africa processing the personal information of data subjects from within the European Union (EU).

At an event hosted by Baker McKenzie and Cognia Law in Johannesburg, Head of the Technology, Media and Telecommunications Practice Group at Baker McKenzie in Johannesburg, Mr Darryl Bernstein, warned organisations doing so to have effective General Data Protection Regulation (GDPR) compliance procedures in place already, including Data Breach Security Checklists, impact assessments and subject data request procedures.

Mr Bernstein said this due diligence is not only required by the GDPR regulation but can significantly reduce the risks associated with security breaches, raise awareness of the GDPR and ensure that companies have appropriate technical and organisational measures in place to comply with the legislation.

He further said it was essential for organisations to have a General Data Protection Regulation (GDPR) Data Security Breach Checklist in place to assess the risks of a data security breach and to implement a plan to contain and manage any data breaches.

Mr Bernstein noted that the first step on any organisation’s GDPR Data Security Breach Checklist should be to assess the risks associated with a data security breach.

“It is essential to know whose data might have been disclosed, what type of data has been breached and if it contains sensitive information.

“Affected organisations should also assess the volume of data disclosed and if any of the data has been lost or damaged. The cause of the breach and where in the world the breach occurred must also be investigated,” he said.

Mr Bernstein explained that step two on the Checklist should be to contain the breach and recover the data.

“Organisations who have fallen victim to a data breach must establish who will investigate the breach, who will assist with the containment of the breach and/or the recovery of information and if action should also be taken to prevent the breach from recurring. This is also the time to inform the police, if appropriate to do so,” the data expert said.

During step three, organisations must notify all data subjects who have had their private information breached.

“According to the GDPR, notification must take place without undue delay and no later than 72 hours after the breach has occurred. The nature and scope of the breach, as well as its consequences and the measures taken to rectify it, must also be disclosed to affected data subjects,” he said.

Mr Bernstein explained that South African organisations will have to have a similar checklist in place in order to comply with the soon-to-be-implemented Protection of Personal Information Act (POPIA).

POPIA stipulates that a data breach must be notified as soon as reasonably possible after the discovery of the compromise, considering the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of the responsible party’s information system.

To assist organisations in the event of a data breach, Baker McKenzie recently launched a mobile application called “Data Breach 72”. This app, which is available in English and French, allows organisations to identify the existence of a data breach, within the scope of application of the GDPR; establish whether it is necessary to notify the competent supervisory body; and prepare an initial draft of this notification. The app forms part of Baker McKenzie’s innovation programme, which aims to rethink the way in which lawyers deal with the challenges their clients are facing.

The final step in the Checklist includes a thorough evaluation of the breach. “Once the first three steps are complete, organisations must investigate whether employees were responsible for the breach and if disciplinary action is required. If a third party was involved, the contract should be checked for damages provisions and an impact assessment undertaken. Lastly, organisations must review their procedures and ensure their data is secure going forward,” he said.

Also, partner in Baker McKenzie’s Corporate/M&A practice and TMT specialist, Janet MacKenzie, noted that, “The GDPR further requires organisations to complete a Data Protection Impact Assessment prior to the processing of private information, where the processing is likely to result in a high risk to the rights and freedoms of natural persons.”

MacKenzie said it is essential to conduct an Impact Assessment of third parties that process high-risk company personal data, to determine their awareness of GDPR and to ensure that they have appropriate technical and organisational measures in place to comply with the legislation.

For high-risk third parties, audit partners should be identified for the assessment of processes and to determine if on-site audits are required. It is worth noting that the requirements of the GDPR stipulate that data processing can only be outsourced to a third party if the processor guarantees conformity with the requirements of the GDPR.

Janet Taylor Hall, CEO of Cognia Law, explained further, “There were two operational areas where clients tend to underestimate the impact assessment efforts around GDPR – the first being adequately preparing to deal with a data breach when it happens and the second is subject data requests, which can in themselves lead to a breach if not handled appropriately.”

“Right of access is a core principle of the GDPR. Individuals have the right to access their personal data and supplementary information at any time. In responding to these data requests in time (30 days), it is also important that no data is shared that belongs to another individual or that contains intellectual property or trade secrets,” she said.

“Putting a robust subject data request capability in place is an important part of the on-going GDPR compliance support we offer our clients”, highlighted Justin Ridl, Global Head of Legal Services, Cognia Law.

Dipo Olowookere is a journalist based in Nigeria who has a passion for reporting business news stories. In his leisure time, he watches football and supports 3SC of Ibadan. Mr Olowookere can be reached via [email protected]

Expert Reveals Top Cyber Threats Organisations Will Encounter in 2026

By Adedapo Adesanya

Organisations in 2026 face a cybersecurity landscape markedly different from previous years, driven by rapid artificial intelligence adoption, entrenched remote work models, and increasingly interconnected digital systems, with experts warning that these shifts have expanded attack surfaces faster than many security teams can effectively monitor.

According to the World Economic Forum’s Global Cybersecurity Outlook 2026, AI-related vulnerabilities now rank among the most urgent concerns, with 87 per cent of cybersecurity professionals worldwide highlighting them as a top risk.

In a note shared with Business Post, Mr Danny Mitchell, Cybersecurity Writer at Heimdal, said artificial intelligence presents a “category shift” in cyber risk.

“Attackers are manipulating the logic systems that increasingly run critical business processes,” he explained, noting that AI models controlling loan decisions or infrastructure have become high-value targets. Machine learning systems can be poisoned with corrupted training data or manipulated through adversarial inputs, often without immediate detection.

Mr Mitchell also warned that AI-powered phishing and fraud are growing more sophisticated. Deepfake technology and advanced language models now produce convincing emails, voice calls and videos that evade traditional detection.

“The sophistication of modern phishing means organisations can no longer rely solely on employee awareness training,” he said, urging multi-channel verification for sensitive transactions.

Supply chain vulnerabilities remain another major threat. Modern software ecosystems rely on numerous vendors and open-source components, each representing a potential entry point.

“Most organisations lack complete visibility into their software supply chain,” Mr Mitchell said, adding that attackers frequently exploit trusted vendors or update mechanisms to bypass perimeter defences.

Meanwhile, unpatched software vulnerabilities continue to expose organisations to risk, as attackers use automated tools to scan for weaknesses within hours of public disclosure. Legacy systems and critical infrastructure are especially difficult to secure.

Ransomware operations have also evolved, with criminals spending weeks inside networks before launching attacks.

“Modern ransomware operations function like businesses,” Mitchell observed, employing double extortion tactics to maximise pressure on victims.

Mr Mitchell concluded that the common thread across 2026 threats is complexity, noting that organisations need to abandon the idea that they can defend against everything equally, as this approach spreads resources too thin and leaves critical assets exposed.

“You cannot protect what you don’t know exists,” he said, urging organisations to prioritise visibility, map dependencies, and focus resources on the most critical assets.

NCC Begins Review of National Telecommunications Policy After 26 Years

By Adedapo Adesanya

The Nigerian Communications Commission (NCC) has commenced a comprehensive review of the National Telecommunications Policy 2000 (NTP), 26 years after its approval, citing rapid technological advancements and shifting market dynamics as the primary catalysts for the reform.

In a consultation paper released to the public, the commission said it is seeking input from stakeholders, including telecom operators, tech companies, legal experts, and the general public, on proposed revisions designed to reposition Nigeria’s telecommunications framework to match current digital demands. Submissions are expected by March 20, 2026.

The NTP 2000 marked a turning point in Nigeria’s telecom landscape. It replaced the 1998 policy, introducing full liberalisation and a unified regulatory framework under the NCC, and paved the way for the licensing of GSM operators such as MTN, Econet (now Airtel), and Globacom in 2001 and 2002.

Prior to the NTP, the sector was dominated by Nigerian Telecommunications Limited (NITEL), a government-owned monopoly plagued by obsolete equipment, low teledensity, and poor service. At the time, Nigeria had fewer than 400,000 telephone lines for the entire country.

However, the NCC noted that just as the 1998 policy was overtaken by global developments, the 2000 framework has become structurally misaligned with today’s telecom reality, which encompasses broadband, 5G networks, satellite internet, artificial intelligence, and a thriving digital economy worth billions of dollars.

“The rapid pace of technological change and emerging digital services necessitate a comprehensive update to ensure the policy continues to support economic growth while protecting critical infrastructure,” the Commission stated.

The review will target multiple chapters of the policy. Key revisions include enhancements on online safety, content moderation, digital services regulation, and improved internet exchange protocols; a modern framework for satellite harmonisation, coexistence with terrestrial networks, and clearer spectrum allocation to boost service quality; and policies to address fiscal support, reduce multiple taxation, and lower operational costs for operators.

The NCC is also proposing entirely new sections to the policy to address emerging priorities. Among the key initiatives are clear broadband objectives aimed at achieving 70 per cent national broadband penetration, with a focus on extending connectivity beyond urban centres to reach rural communities.

The review also seeks to formally recognise telecom infrastructure, including fibre optic cables and network masts, as Critical National Infrastructure to prevent vandalism and enhance security.

In addition, the commission is targeting the harmonisation of Right-of-Way charges across federal, state, and local governments, alongside the introduction of a one-stop permitting process for telecom deployment, designed to reduce bureaucratic delays and lower operational costs for operators.

According to the NCC, the review aims to make fast and affordable internet widely accessible. “The old framework was largely voice-centric. Today, data is the currency of the digital economy,” the commission said, highlighting the need to close the urban-rural broadband divide.

The consultation process is intended to gather diverse perspectives to ensure the updated policy reflects current technological trends, market realities, and consumer needs. By doing so, the NCC hopes to maintain the telecommunications sector’s role as a key driver of economic growth and digital inclusion.

FG to Scrutinise MTN’s $2.2bn Full Take Over of IHS Towers

By Adedapo Adesanya

The Minister of Communications, Innovation and Digital Economy, Mr Bosun Tijani, says the Nigerian government is assessing MTN Group’s acquisition of IHS Towers to ensure the deal aligns with Nigeria’s telecommunications development goals.

On Tuesday, MTN Group said it has agreed to acquire the remaining 75.3 per cent stake in IHS Holding Limited in an all-cash deal valued at $2.2 billion. The deal will be funded through the rollover of MTN’s existing stake of around 24 per cent in IHS, as well as about $1.1 billion in cash from MTN, roughly $1.1 billion from IHS’s balance sheet, and the rollover of no more than existing IHS debt.

Mr Tijani, in a statement, said the administration of President Bola Tinubu has spent the past two years strengthening the telecom sector through policy clarity, regulatory support, and engagement with industry stakeholders, boosting investor confidence and sector performance.

“Recent financial results from key operators show improved profitability, increased investment in telecoms infrastructure, and operational stability across the sector,” he said.

“These gains reflect the resilience of the industry and the impact of government reforms.”

The minister added that telecommunications infrastructure is critical for national security, economic growth, financial services, innovation, and social inclusion.

“We will undertake a thorough assessment of this development with relevant regulatory authorities to review its impact on the sector,” Mr Tijani said.

He added that the review aims to ensure that market consolidation or structural changes protect consumers, safeguard investments, and preserve the long-term sustainability of the telecom industry.

Mr Tijani also said the government remains committed to maintaining a stable and forward-looking policy environment to keep Nigeria’s telecommunications sector strong and sustainable, in line with the administration’s broader digital economy vision.

Upon completion, the transaction will see MTN transition from being a minority shareholder in IHS to a full owner. It will also see IHS exit from the New York Stock Exchange and become a wholly owned subsidiary of MTN.

For MTN, the deal represents a decisive shift as data demand surges and digital infrastructure becomes increasingly strategic with a booming digitally-oriented youth population on the continent.
