0

NDPC Advances Continental Data Protection Cooperation in Abidjan

As part of activities at the 2026 Network of African Data Protection Authorities – RAPDP (NADPA-RAPDP) Conference and Annual General Meeting (AGM), the Nigeria Data Protection Commission (NDPC) has signed two Memorandums of Understanding (MoUs) with fellow African data protection authorities in Abidjan, Côte d’Ivoire.

RELATED: Nigeria’s NDPC leads continental charge on data privacy at landmark Abidjan conference

Nigeria concluded agreements with the Morocco Data Protection Authority (CNDP) and the Gambia Information Commission (GIC).

These bilateral pacts strengthen regulatory cooperation across the continent. They also reinforce Nigeria’s leadership in harmonising data protection laws throughout Africa.Focus Areas of the MoUs

ADVERTISEMENT

The MoUs outline broad areas of collaboration, including:

  • Mutual legal assistance in cross-border data protection cases
  • Knowledge and capacity exchange
  • Information sharing to support enforcement actions
  • Alignment of regulatory standards to facilitate secure data flows

These measures are designed to strengthen trust, investor confidence, and regulatory certainty within Africa’s rapidly expanding digital economy.

NDPC: Cooperation Is Critical in a Connected Digital Economy

Speaking on the significance of the agreements, the National Commissioner and CEO of the NDPC, Dr Vincent Olatunji, expressed optimism that the MoUs would deepen regulatory harmonisation across multiple jurisdictions.

ADVERTISEMENT

According to him, the growing interconnectedness of the global digital economy makes structured MoU-based cooperation essential. This approach helps build trust, ensure regulatory compliance, and promote cross-border investment.

Signatories from Morocco and The Gambia

The MoUs were signed by Omar Seghrouchni, President of the CNDP, on behalf of Morocco, and Nene MacDouall-Gaye, Head of the GIC, on behalf of The Gambia.

Strategic Implications for Nigeria and Africa

For the NDPC, the agreements carry far-reaching regulatory and economic implications:

Cross-Border Enforcement and Extraterritorial Reach

The MoUs support Nigeria’s ability to apply the Nigeria Data Protection Act to foreign entities processing the personal data of Nigerians. Where violations occur, the agreements enable joint investigations and coordinated enforcement actions.

ADVERTISEMENT

Harmonised Digital Trade and Data Sovereignty

By aligning data protection standards, the partnerships promote secure cross-border data flows critical to Africa’s digital trade ambitions, while preserving national and regional data sovereignty.

Institutional Capacity Building

With The Gambia’s data protection framework still evolving, the MoU enables the GIC to benefit from Nigeria’s relatively mature regulatory experience, strengthening institutional capacity and enforcement capabilities.

Knowledge and Information Exchange

These frameworks facilitate ongoing peer-to-peer collaboration on emerging technologies like AI and cloud computing.

Additionally, they provide a mechanism for coordinated responses to cybersecurity threats and cross-border data challenges.

NDPC’s Role Under the AfCFTA Framework

The NDPC is at the forefront of continental efforts to harmonise cross-border data protection within the African Continental Free Trade Area (AfCFTA) framework.

Through regional peer exchanges and bilateral MoUs, the Commission is helping to ensure that cross-border data transfers are governed by clear legal safeguards.

Nigeria’s Legal Framework for Cross-Border Data Transfers

Under the Nigeria Data Protection Act 2023 and the General Application and Implementation Directive (GAID), transferring personal data outside Nigeria is now a regulated legal activity.

Organisations must rely on one of three statutory gateways:

  • Adequacy Decisions issued by the NDPC
  • Cross-Border Data Transfer Instruments (CBDTIs) such as standard contractual clauses or binding corporate rules
  • Specific Derogations, including explicit consent or public interest grounds

The NDPC also mandates that accountability follows the data, requiring tools such as Data Protection Impact Assessments (DPIAs) and Registers of Processing Activities (ROPAs) for high-risk transfers.

Highlights of the 2026 NADPA-RAPDP Conference and AGM

The 2026 Conference and AGM held in Abidjan, Côte d’Ivoire, from May 18 to 20 marked the 10th anniversary of the network. Key outcomes included:

  • Theme: “The Regulation of Innovative Technologies: Issues, Challenges and Prospects for Data Protection Authorities in Africa”
  • New Leadership: Election of Faustino Varela Monteiro as President, with Patricia and Tsi Tsi Mariwo as Vice Presidents
  • Abidjan Declaration: Adoption of a strategic doctrine to guide African digital governance from 2026 to 2030
  • Bilateral Cooperation: NDPC’s MoUs with Morocco and The Gambia to strengthen cross-border data privacy enforcement.

More in News

You may also like