By 
The Nigeria Data Protection Commission (NDPC) has issued a Code of Conduct for Data Protection Compliance Organizations (DPCOs) in Nigeria signaling it will be focusing on enforcement drive in 2024.
RELATED: NDPC issues guidance notice to enforce data protection accountability
The privacy watchdog stressed in a virtual meeting this week with the DPCOs that the code of conduct was important to ensure professionalism among firms licensed to carry out compliance as a service.
“Adherence to rules and regulations are important to sanity and growth of the industry,” the National Commissioner/CEO of the NDPC, Dr. Vincent Olatunji, told the DPCOs while urging them to see their role in the implementation of the Nigeria Data Protection Act (NDPA) 2023 as a public trust which must be guarded with utmost sense of responsibility.
Olatunji noted the opportunities presented by the Act particularly the lawful use of data and job creation in data processing value chain.
The NDPA 2023 under section 33 vests the commission with the power to license persons having a requisite level of expertise, in relation to data protection and the Act, to monitor, audit and report on compliance by data controllers and data processors.
“This is a unique Public Private Partnership model which is designed to promote trust and confidence in Nigeria’s digital economy which – like other economies around the world – thrives on data processing,” Olatunji expressed in a statement signed by Head Media, NDPC, Itunu Dosekun.
In line with the Code of Conduct, the compliance services offered by DPCOs include:
- a) Awareness and capacity building
- b) Registration of the data controller or a data processor with the Commission;
- c) Development of compliance schedules;
- d) Implementation of compliance schedules;
- e) NDPA Compliance Audit and filing of Compliance Audit Returns with the Commission;
- f) Data Privacy Impact Assessment; and
- g) Facilitating and Vetting Data Privacy Agreement;
To operate as a DPCO and carry out compliance services, the commission must license a firm and it must have a verifiably certified data protection officer (DPO).
The commission as at November 2023 has licensed about 163 DPCOs. An umbrella body for the DPCOs is the Association of Licensed Data Protection Compliance Organisations of Nigeria (ALDAPCON).
While presenting the Code of Conduct to the DPCOs, the Commission’s Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, x-rayed the target objectives and the principles, particularly: Privacy Consciousness, Capacity Building, Accountability, Data Ethics and Corporate Social Responsibility.
He said all DPCOs will be held accountable in line with the provisions of the NDPA, the Code of Conduct and other regulatory instruments issued by the commission.
