By Tracy Yekaghe

  • Compliance in the public sector hovers around 49%
  • NDPC focusing on awareness, capacity building and standardisation
  • Global investors now seeking countries’ data compliance

The Nigeria Data Protection Act, 2023 will improve the country’s global data privacy ranking and endear it to investors, National Commissioner, Nigeria Data Protection Commission (NDPC),  Dr. Vincent Olatunji told the media at the weekend during an online interaction.

RELATED: Nigeria Data Protection Act is milestone progress at balancing privacy and innovation

He said the new law signed early June by President Bola Tinubu is a significant shift to regaining global confidence not only in Nigeria’s emerging digital economy but also in the new efforts of the current administration to drive development and boost the economy with investments and new jobs


Dr Vincent Olatunji during the online media meet


Nigeria’s new data legislation draws inspiration from the General Data Protection Regulation (GDPR) operational across all of the European Union (EU) and is touted as the global benchmark.

According to Olatunji, statutory global bodies like the World Bank and international investors now consider data protection legislation and level of compliance as standard requirements for investments.

For now, data privacy compliance in the public sector hovers around 49%, the privacy watchdog said. But the new law should further accelerate the compliance level in also the private sector where the NDPC has demonstrated increasing willpower for enforcement against breaches.


He said the data protection and privacy ecosystem is still in its infancy despite commendable tractions achieved since 2019 when the country first launched the Nigeria Data Protection Regulation (NDPR). Now, with an Act of Parliament, Olatunji charted three key areas the commission will be working on to foster a national culture of data protection.


According to Olatunji, it is not enough to have a law and people do not even know that it exists or what it entails. Data subjects need to know their rights, while data controllers and processors, on the other hand, should know their obligations to their data subjects.

“We intend to cover all the subjects, even those in the villages so they understand what we are talking about when it comes to data protection,” said Olatunji even as he stressed that the NDPC sees public awareness as the initial step towards compliance. The commission will be embarking on aggressive public awareness campaigns working with partners including the media to enlighten individuals and organisations on rights, roles and responsibilities as set out in the Act.

Capacity Building

“I am sure you must have heard severally that this is an ecosystem that will create jobs that will make us globally competitive and it is really important to say; we want to be globally competitive to have competent professionals who will participate in building this ecosystem,” noted Olatunji while he added that the commission will further execute training programmes for Data Protection Officers (DPOs) to improve capacity of organisations and individuals within such organisations to respond adequately to the technical and regulatory nuances of data-protected environment. The NDPC will be achieving some of these objectives under the National Data Protection Adequacy Programme (NaDAP).

To breakdown the law into framework

According to Olatunji, “one of the responsibilities of the Commission is to promote the advancement of technologies that protect personal data, following established international standards, and to ensure that data protection obligations are met.”  To this effort, he said the commission will be working to firm up on an implementation a standardised framework allowing every part and section of the law to be broken down into specific activities for people to fully understand “what we intend to do going forward with the law that Mr. President has graciously signed.” The objective is to ensure consistency and clarity in respect to the implementation of data protection standards across all sectors all of which will involve issuing guidance notices on key provisions of the law as they relate to the lawful basis of data processing, data subjects’ rights, compliance audit returns, and cross-border data transfer.

More in News

You may also like