The NDPC, by a Compliance Notice, has announced the commencement of investigations into suspected non-compliance with the Nigeria Data Protection Act 2023 (NDPA). The focus is on organisations operating in the insurance, pension, gaming, banking, and insurance brokerage sectors.
Organisations in these sectors are required to comply, within twenty-one (21) days of the Compliance Notice (that is, by 14 September 2025), by providing the following:
- Evidence of filing their compliance audit returns;
- Evidence of appointment of a Data Protection Officer (DPO), including the name and contact details of the DPO;
- A summary of technical and organisational measures for data protection; and
- Evidence of registration as a Data Controller or Processor of Major Importance, if applicable.
Failure to comply may result in enforcement orders, administrative fines, and possible criminal prosecution.
While the current focus of the NDPC is on organisations in the aforementioned sectors, all data controllers and processors should also ensure full compliance with the provisions of the NPDA.
For further information, please contact: [email protected]