By Ijeoma Olorunfemi, News Agency of Nigeria (NAN)
As the world becomes increasingly interconnected, interactions and transactions are rapidly moving into the digital space. Today, the internet is central to financial, social, and economic activities, with e-governance, e-banking, and interconnectivity driving the digital era.
Against this backdrop, data protection and safeguarding users’ privacy have become critical. Governments, financial institutions, businesses, and individuals must prioritize robust data protection measures to build online trust, secure cyberspace, and foster digital economic growth.
The Nigeria Data Protection Commission (NDPC), the country’s apex data protection authority, has made significant strides in regulating data protection, building the capacity of Data Protection Officers (DPOs), and licensing Data Protection Compliance Organizations (DPCOs). These efforts are positioning Nigeria as a leader in data protection governance in Africa.
A review of the commission’s 2025 activities highlighted the domestication of DPO certification as a key achievement, aimed at strengthening professional competence in the data protection ecosystem.
Dr Vincent Olatunji, National Commissioner at NDPC, said the commission inaugurated the National Certification Programme for DPOs, training 500 officers in its first cohort to address the skills deficit in the sector.
“This domestication reduces pressure on the naira by limiting the need for international certifications,” he told reporters. “The training also addresses the projected digital skills gap, as the World Economic Forum estimates that 92 million jobs could be lost in six years due to lack of skills.”
A survey by the commission found that over 500,000 data controllers and processors lacked the skills required to become certified DPOs. By certifying hundreds nationwide, NDPC has expanded Nigeria’s pool of qualified privacy professionals and strengthened implementation of the Nigeria Data Protection Act (NDPA) across sectors.
NDPC also hosted the Network of African Data Protection Authorities (NADPA) conference and annual general meeting, promoting continental cooperation, knowledge exchange, and harmonization of regulatory frameworks. The conference, themed “Balancing Innovation in Africa: Data Protection and Privacy in Emerging Technologies,” drew participants from over 30 African countries, Europe, Asia, the Middle East, and the U.S.
Despite progress, challenges remain. ICT expert and STI Policy Advisor, Mr Jide Awe, stressed the need for targeted awareness campaigns to educate citizens on their data rights and the risks of breaches.
In response, Olatunji said NDPC inaugurated its Virtual Privacy Academy (VPA), a Nollywood-styled online platform offering structured training, awareness programmes, and professional development courses to expand data protection literacy.
The commission has hosted study tours for data protection authorities from eight African countries, sharing Nigeria’s regulatory experience and operational frameworks. Countries such as Somalia, Uganda, Botswana, Eswatini, Mozambique, Sierra Leone, Tanzania, and The Gambia visited in 2025 to learn from Nigeria’s model.
NDPC has also implemented regulations including the NDPA General Application and Implementation Directive to provide operational guidance and enforceable compliance standards. The commission facilitated translation of the NDPA into Hausa, Igbo, and Yoruba, improving accessibility for citizens at all levels.
“The commission has conducted targeted capacity-building for Ministries, Departments, and Agencies to enhance compliance, data governance, and responsible handling of personal data,” Olatunji said. NDPC’s efforts have earned multiple recognition, including Outstanding Data Protection Authority of the Year at the Picasso Awards Africa.
NDPC has signed several Memoranda of Understanding with institutions such as MasterCard, Digital Africa Consult, Bauchi State Government, Smart Comply Technologies, and ISACA to strengthen data privacy initiatives.
Experts note that legislative frameworks remain weak. Alabi Sunday, former chairman of the Nigeria Computer Society Abuja Chapter, called for collaboration with media, schools, and community organizations to raise awareness, train officials and businesses, and develop local expertise in data protection.
He also advocated for mechanisms to monitor and enforce compliance, including penalties for organizations failing to protect personal data and policies requiring storage of sensitive data locally.
The Nigeria Data Protection Strategic Roadmap and Action Plan (NDP-SRAP) 2023–2027 outlines steps to build a trusted digital ecosystem, focusing on awareness, capacity building, and a multi-pronged approach to privacy protection.
Abdulmalik Muhaimin of Chesslaw Consult stressed that, beyond new frameworks, strict enforcement of existing data protection laws is crucial. He spoke at the 7th Privacy Symposium Africa in Lagos, themed “Bridging Policy, Technology and Societal Dynamics,” co-hosted by NDPC, CITAD, and the Data Protection Lawyers Association of Nigeria (DPLAN).
“One key measure is a uniform data privacy law to simplify compliance, so organizations do not have to navigate differing regulations,” he said, highlighting the importance of harmonized legal and regulatory standards to protect digital users.
