According to the Federal Government of Nigeria, the country's internet community will face a 'huge impact' when new data protection regulations from the European Union (EU) take effect from May 2018, replacing the data protection directive of 1995.

The country's National Information Communication Technology Agency (NITDA) yesterday warned Nigerians using the European Union General Data Protection Regulation (GDPR) to beware of possible negative impacts.

In a statement made available to Nigeria's Technology Times, Dr Isa Pantami, Director-General of NITDA said, "This regulation might have [a] huge impact on Nigerian businesses and/or individuals that use Information Technologies to collect, store, process and transact on EU citizens personal data in EU territory or elsewhere."

According to NITDA, Nigerian organisations that control and process personal data of EU nationals must note that companies that meet the following criteria must comply:

• Have offices in an EU member states;

• Have no offices in any EU member state but processes personal data of EU nationals and residents; Have more than 250 employees; and

• Have fewer than 250 employees but its data processing impacts the rights and freedoms of data subjects or occasionally includes certain types of sensitive personal data.

Pantami further warned that breach of the regulation can attract a fine of up to 4% of a company's annual global turnover or an equivalent of twenty million euros (€20 million). "Furthermore, companies can be fined up to 2% for not having their records in order, not notifying the supervising authority and data subject about a breach or not conducting impact assessment."

He called on Nigerian businesses, particularly those carrying out online transactions, to meet the GDPR compliance criteria.

The EU's GDPR is the result of four years of work by the EU to bring data protection legislation into line with new and previously unforeseen ways of data usage.

According to a report by Nigeria's PM News, currently, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation.

"The new legislation introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data and it also makes data protection rules more or less identical throughout the EU.

"The GDPR will apply in all EU member states from May 25, because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation – instead, it will apply automatically."