Data Protection

Last updated: April 16, 2026

Our Data Protection Commitment

iDOFF is committed to protecting your organization's data with the highest standards of security and compliance. We implement comprehensive data protection measures that meet international standards while respecting Nigerian data protection laws.

1. Data Security Measures

We employ multiple layers of security to protect your data:

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication for all admin accounts
  • Regular security audits and penetration testing

Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls and surveillance
  • Redundant power and cooling systems
  • Fire suppression and environmental controls

2. Data Classification and Handling

We classify and handle different types of data according to their sensitivity:

🔴 Highly Sensitive Data

Payment information, medical records, personal identification

  • • Encrypted with highest security standards
  • • Access restricted to authorized personnel only
  • • Audit logs for all access attempts

🟡 Moderately Sensitive Data

Attendance records, contact information, organizational data

  • • Standard encryption and access controls
  • • Role-based access permissions
  • • Regular backup and recovery procedures

🟢 General Data

Public organization information, system logs, analytics

  • • Basic security measures applied
  • • Limited access based on business need
  • • Standard retention policies

3. Access Controls and Authentication

We implement strict access controls to ensure only authorized individuals can access your data:

  • Role-Based Access Control (RBAC): Users only access data necessary for their role
  • Multi-Factor Authentication: Required for all administrative accounts
  • Session Management: Automatic logout and session encryption
  • Audit Logging: All access attempts and data modifications are logged

4. Data Backup and Recovery

We maintain comprehensive backup and disaster recovery procedures:

  • Automated daily backups with encryption
  • Geographically distributed backup storage
  • Regular recovery testing and validation
  • 99.9% uptime guarantee with rapid recovery procedures

5. Compliance and Certifications

iDOFF complies with relevant data protection regulations and standards:

  • Nigeria Data Protection Regulation (NDPR) compliance
  • GDPR compliance for international operations
  • ISO 27001 information security management
  • SOC 2 Type II compliance for service organizations

6. Incident Response and Breach Notification

In the unlikely event of a security incident, we have established procedures:

  • 24/7 security monitoring and incident detection
  • Immediate containment and investigation procedures
  • Customer notification within 72 hours of discovery
  • Regulatory reporting as required by law

7. Data Subject Rights

We respect and facilitate the exercise of data subject rights:

  • Right to Access: Request copies of personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of personal data
  • Right to Portability: Export data in machine-readable format

8. Contact Our Data Protection Officer

For any data protection concerns or to exercise your rights, contact our Data Protection Officer:

Email: dpo@idoff.com

Phone: +234 (0) 123 456 7890

Address: Data Protection Officer, iDOFF, Lagos, Nigeria

Response Time: Within 30 days of receipt

Back to Home