Privacy is a growing concern for technology consumers worldwide. While there was a time when that may not have been the case for countries like Nigeria and Kenya, that’s no longer the reality. As connectivity becomes more affordable and ubiquitous, Kenyans and Nigerians have become increasingly tech-savvy and conscious regarding how much data they share with technology companies and what the latter are doing with it.

In the face of these growing concerns, companies operating in Africa need to be mindful of the increasing privacy mindset of their customers. Aside from regulatory compliance, companies should actively demonstrate that they care about their customers’ privacy concerns in order to build and sustain trust and to show they’re taking a proactive approach to protect their personal information.

The importance of regulatory compliance

The first step any company should take to safeguard their customers’ privacy is ensuring they’re compliant with all of the relevant laws and regulations. In countries like Kenya and Nigeria, data protection regulations are relatively new.

The Data Protection Act of 2019, enforced by the Office of the Data Protection Commissioner (ODPC), regulates data protection in Kenya. The act expressly prohibits organizations from processing a person’s data unless that person has first provided consent. Each organization must have a data controller and/or a data processor whose responsibility is to prove they’ve obtained consent before processing a person’s data.

Nigeria’s Data Protection Act, meanwhile, was signed into law in 2023. The act governs both manual and automatic data processing. The act also established the Nigeria Data Protection Commission (NDPC), which is an independent body that governs data protection and regulation in the country. In addition to defining sensitive personal data as including an individual’s genetic and biometric data as well as their race, ethnicity, and health status, among other things, the act also provides specific grounds for the processing of this sensitive personal data. According to the act, such data can be processed where consent is provided or where processing is necessary for social security or employment laws.

Both of these laws are in line with similar laws and regulations around the world, such as Europe’s GDPR. That means they’re not only a good place for Nigerian and Kenyan businesses to start for compliance, but they also help businesses gain good footing when it comes to protecting customer data should they start operating internationally.

Beyond compliance

Companies should, however, view regulatory compliance as the bare minimum when it comes to meeting their customers’ privacy needs. Given the parlous state of privacy protection across many African countries, going above and beyond with customer privacy can be a positive differentiator for companies that get it right.

Among the initiatives they can undertake in this direction are investing in data center security to minimize the collection of data, requesting permission from customers when collecting sensitive information, and ultimately reducing their reliance on selling user data for revenue gains. Organizations can also implement multi-factor authentication if they require customers to log in to an account to access their products and services.

Another aspect that businesses should pay close attention to is which technology vendors they work with to run their internal operations. Businesses should ensure the third-party tech tools they deploy within their IT infrastructure also come with strong data privacy and protection controls, and that the corresponding vendors follow transparent data collection practices. Should one of these vendors fall victim to a cybersecurity breach, the customer data of the organizations using it could easily fall into nefarious hands.

Businesses should, therefore, ensure they make use of software providers and vendors that are, themselves, compliant with all the relevant privacy laws and regulations, and offer a comprehensive set of security measures and procedures, including controlled user access, enterprise mobility management (EMM) integration, IP restrictions, and secure integrations.

Riding the positives of proactive protection

While there are many negatives associated with data protection failures, including reputational damage and legal punishments, it’s also important that organizations understand the positives associated with proactive data protection.

High up on the list of those positives is building trust. Customers who trust the companies they buy from are more likely to be loyal in the long term, make repeat purchases in the future, and act as evangelists to others. At a time when customers are increasingly concerned about data privacy, building that trust is more difficult, but also more rewarding than ever. In other words, it is something worth investing in.

By Veerakumar Natarajan, Country Head – Kenya, Zoho Corp.