The Nigeria Data Protection Commission (NDPC) is a statutory body dedicated to regulating and ensuring data privacy across Nigeria.
Established in 2022 under the Federal Government’s jurisdiction, the commission is headquartered at No. 12 Clement Isong Street, Asokoro, Abuja. Its mandate is centered around implementing the Nigeria Data Protection Regulation (NDPR), introduced in 2019 as a subsidiary legislation under the NITDA Act of 2007.
The NDPC’s primary mission is to safeguard individuals’ privacy rights while promoting responsible data management practices across various sectors. By enforcing compliance with data protection laws, the commission ensures that organizations handle personal data responsibly, covering the collection, processing, storage, and sharing of information.
The commission emphasizes transparency and accountability in data handling, offering guidance to organizations navigating the complexities of data protection. Public awareness campaigns further encourage citizens to understand their rights and responsibilities under these laws.
Building a Foundation for Privacy
The NDPC was born out of the pressing need for robust data protection mechanisms amidst Nigeria’s rapid digital transformation. In April 2022, the Nigeria Data Protection Bureau convened with representatives from the Nigerian Association of Chambers of Commerce, Industry, Mines, and Agriculture (NACCIMA) to develop strategies for addressing emerging data protection challenges.
By February 2023, the NDPC had partnered with Voice of Nigeria (VON) to align data protection initiatives with advancements in the Fourth Industrial Revolution (4IR). This collaboration focused on equipping organizations with the capacity to integrate emerging technologies while ensuring compliance with data privacy laws.
The NDPC has announced a stricter approach to enforcement, with penalties for non-compliance beginning in 2025. Dr. Vincent Olatunji, the National Commissioner, highlighted the shift:
“For data controllers and processors, there is going to be massive enforcement in 2025. We have never issued any fines, but going forward, you will hear us issuing heavy penalties.”
Organizations face fines based on their annual gross revenue or fixed penalties for failing to adhere to regulations.
Role of Data Protection Compliance Organizations
Data Protection Compliance Organizations (DPCOs) are integral to the NDPC’s regulatory framework. Licensed by the commission, these entities provide training, consulting, auditing, and support services to help organizations meet data protection requirements.
DPCOs assist businesses in implementing effective data management practices and navigating complex regulations, ensuring alignment with both local and international standards.
To promote accountability, the NDPC mandates registration for all data controllers and processors, including banks, telecom operators, insurers, and educational institutions. Dr. Olatunji emphasized:
“What we have in the law is that all data controllers and processors—and there are over 500,000 in Nigeria—should register with the data protection authority.”
Organizations must complete their registration by December 31, 2024, and submit annual compliance audit reports between January 1 and March 31.
The NDPC has also prioritized public awareness initiatives to educate Nigerians about their data protection rights. Outreach campaigns across states aim to equip citizens with knowledge on safeguarding personal information.
Dr. Olatunji also noted a growing demand for professionals skilled in data protection:
“There are a lot of data controllers and processors that are looking for people to work with them.”
The efforts mirror global trends emphasizing strong data protection frameworks. High-profile breaches involving companies like Meta, LinkedIn, and TikTok highlight the importance of compliance with privacy laws.
Join our Channel...