Privacy and Data Protection Policy

1. INTRODUCTION

The Nigerian Economic Summit Group (NESG) is committed to safeguarding the privacy and protection of all personal data in its custody, in accordance with the Nigeria Data Protection Act (NDPA) 2023. This Data Protection and Privacy Policy establishes NESG's approach to ensuring the lawful and ethical collection, processing, storage, and sharing of personal data across all departments, projects, and engagements.

2. SCOPE

This Policy applies to:

  • All NESG staff, directors, vendors, partners, consultants, and third-party service providers who process personal data on behalf of NESG.
  • All personal data processed by NESG in physical or electronic form, relating to staff, partners, stakeholders, event participants, research subjects, or any other natural individuals.

3. LEGAL AND REGULATORY FRAMEWORK

  • The Constitution of the Federal Republic of Nigeria 1999 (as amended)
  • Nigeria Data Protection Act, 2023
  • Other applicable international data protection laws and best practices.

4. DEFINITIONS

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Processing: Any operation performed on personal data, whether automated or not (collection, recording, storage, alteration, retrieval, etc.).
  • Data Subject: An individual to whom personal data relates.
  • Data Controller: NESG, as the entity that determines the purpose and means of processing personal data.
  • Data Processor: Any third party that processes personal data on behalf of NESG.
  • Consent: Freely given, specific, informed, and unambiguous indication of the data subject's agreement.

5. DATA PROTECTION PRINCIPLES

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality
  • Accountability

6. LAWFUL BASIS FOR PROCESSING

  • Consent of the data subject
  • Contractual obligation or for the performance of a contract
  • Compliance with legal obligation
  • Protection of vital interest
  • Legitimate interest
  • Public interest or official mandate

7. CATEGORIES OF DATA COLLECTED

  • Staff and Director personnel data
  • Partner/member institution data
  • Vendor and supplier records
  • Stakeholder and participant data from events, surveys, and consultations
  • Donor or funding partner data (where applicable)

8. RIGHTS OF DATA SUBJECTS

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right not to be subject to automated decision-making and profiling

Requests: ogechi.obiorah@nesgroup.org, CC: hanniel.tams@nesgroup.org

9. DATA SECURITY

  • Role-based access controls
  • Secure storage systems (physical and digital)
  • Regular staff training
  • Incident detection and reporting protocols
  • Password protection, encryption, firewalls
  • Organisational measures: access restrictions, training, audit trails
  • Data breach response protocol in line with NDPA

10. DATA SHARING AND TRANSFERS

  • Government regulators, partners, or contractors under agreements
  • International organisations with safeguards
  • Transfers outside Nigeria with safeguards (NDPA compliant)
  • Due diligence before engaging processors

11. NESG'S DATA GOVERNANCE

  • Data Protection Officer (DPO)
  • ICT Lead
  • HR/Admin
  • Departmental Heads
  • Board of Directors

12. DATA RETENTION AND DISPOSAL

Personal data retained only as long as necessary. Secure shredding (paper) and secure deletion (digital) enforced.

13. CONSENT MANAGEMENT

Informed, documented consent obtained. Withdrawal respected and facilitated without penalty.

14. STAFF RESPONSIBILITIES AND TRAINING

  • Mandatory awareness and annual refresher training
  • Employees report breaches/risks to DPO
  • Staff must process data only on approved platforms

15. MONITORING AND ENFORCEMENT

  • Periodic internal reviews and audits
  • Breach response within 72 hours (NDPC)
  • Policy violations may result in disciplinary action

16. DATA BREACH RESPONSE

Breaches reported immediately to DPO. NESG investigates and reports qualifying breaches to NDPC within 72 hours.

17. POLICY REVIEW

Reviewed annually or upon regulatory/organizational changes.

18. CONTACT & COMPLAINTS

Data Protection Officers (DPO)
Nigerian Economic Summit Group (NESG)
Email: ogechi.obiorah@nesgroup.org, CC: hanniel.tams@nesgroup.org

LAGOS

The Summit House 6, Oba Elegushi Close, off Oba Adeyinka Oyekan Avenue, Ikoyi, Lagos, Nigeria

ABUJA

4th Floor, Unity Bank Tower Plot 785, Herbert Macaulay Way, Abuja, Nigeria.

The Nigerian Economic Summit Group is a non-profit, non-partisan private-sector led think tank with a mandate to promote and champion the reform of the Nigerian economy into a modern globally competitive, sustainable, inclusive, open economy.

© 2025 Nigerian Economic Summit Group. All rights reserved