What are you looking for?
Data Protection Policy
Last Updated: February 20, 2025
Introduction
Mountain Top University (“MTU”) is committed to safeguarding the personal data of our students, staff, and stakeholders. In compliance with the Nigeria Data Protection Act (NDPA) 2023 and the General Data Protection Regulation (GDPR), this policy outlines how we handle information-processing activities to ensure privacy, security, and legal compliance.
Purpose
The purpose of this document is to describe MTU’s responsibilities regarding the protection of personal data and to ensure that all institutional data processing aligns with national and international regulatory standards.
Principles of Data Processing
MTU adheres to fundamental principles ensuring that personal data is:
- Processed with fairness, lawfulness, and transparency toward the data subject.
- Collected only for specified, explicit, and legitimate purposes.
- Accurate and kept up to date; inaccurate data is erased or rectified without delay.
- Processed and secured against unlawful or unauthorized processing and accidental loss.
Rights of the Data Subject
Data subjects are entitled to exercise their rights within the following timescales as mandated by the NDPA and GDPR:
| Data Subject Request | Timescale |
|---|---|
| Right to be Informed | Within one month |
| Right of Access | One month |
| Right to Rectification | One month |
| Right to Erasure | Without undue delay |
| Right to Restrict Processing | Without undue delay |
| Right to Data Portability | One month |
| Right to Object | On receipt of objection |
Lawfulness of Processing
MTU identifies six alternative bases for lawful processing:
Consent
Obtained explicitly from the subject (or parental consent for those under 16).
Contract
Required for the fulfillment of a contract (e.g., employment or admissions).
Legal Obligation
Necessary to comply with the law (e.g., taxation or statutory reporting).
Public Interest
Necessary for tasks performed in the interest of the general public.
Data Protection by Design & Breach Notification
MTU adopts Data Protection by Design, ensuring systems minimize data collection and undergo regular Impact Assessments (DPIA).
In the event of a personal data breach, MTU follows strict incident response procedures. We are obligated to inform the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach.
Governance & Responsibilities
Data protection is a collective responsibility at MTU:
- University Management: Ensures objectives and compliance plans are reviewed annually.
- Data Protection Officer (DPO): Has the authority to intervene in all aspects of information security and compliance.
- Employees & Stakeholders: Must remain aware of security risks and respect all institutional privacy policies.
Contact Information
Data Protection Officer (DPO)
As a Data Controller of Major Importance, we have appointed a Data Protection Officer:
Email: [email protected]
Nigeria Data Protection Commission (NDPC)
Website: www.ndpc.gov.ng
Email: [email protected]