Only 30% of Nigerian businesses are aware of privacy laws governing their marketing activities, despite Nigeria Data Protection Regulation (NDPR) being in effect since 2019.
This revelation is contained in a survey conducted by WorldWideWorx and commissioned by a global technology company, Zoho.
The survey also revealed that even though businesses are concerned about the privacy of customer’s data in the hands of third-party vendors, they are reliant on them for revenue generation and gathering customer insights, making it harder for them to move away.
According to WorldWideWorx CEO, Arthur Goldstuck, the lack of awareness about the law is largely because these regulations are not part of business-critical activities like taxation and licensing.
However, 78% of the businesses indicated that they have well-documented policies for customer data protection. “This is likely following fear of NDPR violation, which has made headlines in Nigeria,” said Goldstuck, even as only 60% are strictly applying them.
Of the 319 businesses surveyed across various industries and sizes, 45% said they allow third-party trackers on their website, mostly to share content on social media (62%) and gather analytics on their website visitors (35%).
There is also heavy dependence on digital ad platforms. The respondents believe that keyword search ads (59%) and social media ads (52%) are quite effective for customer conversion. In fact, 78% of businesses said the third-party ad platforms either help them meet or are a primary factor in achieving their sales goals.
Given this reliance on third-party vendors, it is no wonder then that, even though 85% of businesses express concern over the use of their customer’s data, they are largely either ‘comfortable’ or ‘neither comfortable nor uncomfortable with the platforms.
Even the 18% who are ‘uncomfortable’, state that they cannot move away from the platforms as they are crucial to their business or that it is too complex to move away. Interestingly, 24% of businesses reported that they do not completely understand how third-party trackers and ad platforms utilise the collected customer information.
“When businesses choose to use a free tracker, they are paying for it with their consumer’s data,” said Andrew Bourne, Regional Manager for Africa, Zoho.
“At Zoho, we refer to this practice of third-party trackers collecting data without user knowledge as adjunct surveillance. Presently, Nigerian businesses turn a blind eye to this passive data collection by trackers, most likely, because they are dependent on them for revenue.
“However, consumers will eventually trust companies with transparent privacy policies that protect their personal information. Businesses hoping to stay relevant in the long term will need to either rethink their reliance on third-party platforms or demand greater transparency and accountability from them.”
Zoho had removed third-party trackers from its website in 2020 and has never sold customer data to anyone or shown ads, even in their free products. Zoho also owns its data centres and the entire technology stack of its solutions. It can, therefore, assure its users of the highest standards of privacy and security.
Nigerian businesses believe that NDPR has had either no effect (39%) or a positive effect (42%). Their biggest concerns with the law are increased complexity (36%) and the increased cost of governance (34%). As per Goldstuck, the cost of governance will be a major concern for SMEs.
For context, all businesses in Nigeria (regardless of size) need to appoint a privacy/information officer to oversee the protection of customer information.
Larger businesses can appoint their CIOs or IT leads in this new role, while smaller businesses may have to appoint their managing directors or business owners in the same role. For smaller businesses, this can be a daunting task as the person in charge can be held personally liable for data leaks or breaches as per the law.
This study was conducted using Zoho Survey and Zoho Analytics.
