The Nigeria Data Protection Regulations (NDPR)

The Nigeria Data Protection Bureau (NDPB) is statutorily mandated by the NITDA Act of 2007 to develop regulations for electronic governance and monitoring of the use of information technology and electronic data. Conscious of the concerns around privacy and protection of Personal Data and the grave consequences of leaving Personal Data processing unregulated, NDPB has issued the Nigeria Data Protection Regulation (NDPR). The NDPR provides legal safeguards for the processing of personal data. Under the NDPR, personal data must be processed in accordance with a specific, legitimate and lawful purpose consented to by the Data Subject. This Regulation applies to all transactions intended for the processing of personal data and to actual processing of personal data notwithstanding the means by which the data processing is being conducted or intended to be conducted and in respect of natural persons in Nigeria and it equally applies to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.

Data Protection Compliance



WHY DO YOU NEED A DPCO ?
The Nigeria Data Protection Regulation, 2019 (the “Regulation”) by Nigeria Data Protection Bureau (NDPB), requires companies and businesses that collect and process personal data of Nigerians for resident or non-resident) to engage the services of DPCO to conduct audits, in line with the provisions of the Regulation.

WHICH ORGANIZATIONS ARE REGULATED ?
Organizations (local or foreign) that collect or process the personal information of resident or non-resident Nigerians (such as names, email addresses, physical addresses, telephone numbers, bank details, or any personal information).

WHEN SHOULD YOU ENGAGE A DPCO ?
If you have data of up to 1000 Nigerians, you are mandated by law to engage the services of a DPCO for the purpose of auditing your data practices.

FINES FOR NOT COMPLYING
Organizations that fail to comply are at risk of a penalty of up to 2% of their annual gross revenue or 10 million naira (whichever is greater) issued by the NDPB, in addition to any criminal or civil liability.

Our Data Protection Compliance Services



DATA PROTECTION COMPLIANCE
Our data protection compliance service (DPCO Services) is designed to help organizations implement the requirements of the Regulations. We have developed a framework that organizations adopt to ensure their compliance with, not just the NDPR but with similar Data protection regulations of other countries.

DATA PROTECTION AUDIT
In carrying out our audit, we assess the data protection organizations meet and exceed the requirements of the NDPR. We also support organizations in implementing the recommendations including providing guidance on the preparation of the requisite data protection Business Requirement Documents (BRD) and policies to guide the organization.

TRAINING
We train key staff of organizations that have engaged our services including Data Protection Officers, Compliance Officers, IT Security Officers, Risk Managers amongst others and every staff member of the organization. Our training is carefully designed to enable your organization implement a suitable compliance framework necessary for the protection of personal data.

OUTSOURCED DATA PROTECTION OFFICER
We are also able to provide services as internal data protection officers (DPO Services) within an organization. In this case, a dedicated member of our team will be in charge of data management, conducting periodic training of staff, conducting regular data impact assessments and audits of each department in compliance with the NDPR and maintaining records of all data processing activities including other data protection activities.