Security Policy

Effective Date: 2024

Introduction 

IVAN Research Institute is committed to ensuring the privacy and security of all personal data collected, processed, and stored in line with the Nigerian Data Protection Regulation (NDPR) and other relevant laws. This policy outlines our approach to safeguarding data and protecting the privacy of individuals whose data we handle.

Data Collection and Processing 

We collect and process personal data only for legitimate purposes, including research, analysis, and operational activities. The data we collect will be limited to what is necessary for the specific purposes and will be handled in a lawful, fair, and transparent manner.

Data Security Measures 

To ensure the confidentiality, integrity, and availability of personal data, we have implemented robust security measures, including but not limited to:

• Encryption: All sensitive data is encrypted both at rest and in transit to prevent unauthorized access.
• Access Control: Access to personal data is restricted to authorized personnel only, based on the principle of least privilege.
• Regular Audits: We conduct regular security audits and vulnerability assessments to identify and mitigate potential risks.
• Data Minimization: We ensure that only the necessary amount of data is collected and stored, reducing the risk of data breaches.

Data Subject Rights 

In compliance with the NDPR, we respect and uphold the rights of data subjects, including:

• Right to Access: Data subjects have the right to request access to their personal data held by the Institute.
• Right to Rectification: Data subjects can request corrections to any inaccurate or incomplete data.
• Right to Erasure: Under certain conditions, data subjects can request the deletion of their personal data.
• Right to Data Portability: Data subjects can request the transfer of their data to another organization in a structured, commonly used format.

Data Retention 

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once the retention period has expired, data is securely deleted or anonymized to protect individuals’ privacy.

Data Breach Notification 

In the event of a data breach, IVAN Research Institute will take immediate steps to contain and assess the breach. If the breach poses a high risk to the rights and freedoms of data subjects, we will notify the affected individuals and the relevant regulatory authorities within 72 hours, as required by the NDPR.

Third-Party Data Sharing 

We do not share personal data with third parties except where necessary for our operations, and only with parties who have demonstrated compliance with relevant data protection laws. All third-party partners are required to sign data protection agreements to ensure the security of shared data.

Training and Awareness 

All staff members at IVAN Research Institute undergo regular training on data protection principles, security practices, and their responsibilities under the NDPR. This ensures that our team is equipped to handle personal data securely and in compliance with legal requirements.

Policy Review 

This Security Policy is reviewed regularly to ensure continued compliance with the NDPR and to address new security challenges. Updates to the policy will be communicated to all stakeholders.

Contact Information 

For inquiries, concerns, or requests regarding this Security Policy or our data protection practices, please contact:

IVAN Research Institution Data Team, submit your queries through this email: admin@ivaninstitute.org