Nigeria data protection, March 15 compliance deadline: What you should know

by | Mar 11, 2020

In the age of digital, one of the most important regulatory crossroads is that of data privacy for online users.

Getting data privacy regulation right creates trust in online digital infrastructure which relies heavily on the collection of data for key decision making.

It is why the Nigerian Information Technology Development Agency (NITDA) should be applauded for steps to regulate the data collection and processing activities of Nigerian companies through the Nigerian Data Protection Regulations 2019 (NDPR).

Yet, as the March 15 2020 deadline stipulated for the submission of data protection audits approaches, many companies affected by the regulation still have not heard of it.


After pushing forward this deadline twice in 2019, NITDA looks determined this time to impose the relevant sanctions for non-compliance which range from penalties of up to 2% of the annual gross revenue of a non-compliant company, in addition to other penalties provided under the NDPR.

If you are like many companies just hearing about this regulation, please read our earlier article on the topic.

As you rush to comply, these are other things you should know

What is the relationship your organisation has with personal data?


computer data display documents 577210

The NDPR covers operations performed on personal data like collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, and so on.

You must identify the type of personal data your organisation collects. This will provide clarity on the most effective means to comply with the regulation.

Find a licensed Data Protection Compliance Officer (DPCO) to conduct an audit

NITDA does not accept audit reports by non-licensed auditors. Every audit report required under the regulation must be accompanied by a verification statement by a licensed DPCO.


Your financial auditor is also not allowed to audit your data protection activities even if it is a licensed DPCO due to conflict of interests.

In assessing your organisation’s data processing activities for the purpose of compliance…

… these are some of the questions that must be answered:

  • How is data collected?
  • Which department receives such data?
  • Why does the organisation process such data?
  • What are the security measures taken by the organisation to prevent data breach?

Is your organisation considered high priority by NITDA?

Because of the nature of certain organisations and their access to sensitive consumer data, NITDA considers them high priority as it pushes to drive compliance.

These organisations include: banks, telecommunication companies, Pension Fund Custodians and Pension Fund Administrators, insurance companies, fintechs, notable hospitals, and stock brokers.

If your organisation falls within these categories, it is important to start compliance processes immediately.

Train your employees

Data Protection compliance requires the effort of all the parts within your organisation because data collected is often used by different departments.

It is important that emoloyees are aware of the risks that come with handling people’s data and how to prevent unnecessary regulatory sanctions.

As March 15 approaches, these steps will keep organisations protected from drastic regulatory sanctions from NITDA for their data processing activities.

Enyioma Madubuike
Enyioma Madubuike

Enyioma Madubuike is a legal consultant with experience in providing support to companies in Africa, Europe and the Middle East. He leads the team at, a legaltech company providing 24/7 support to African technology businesses.

Are you in tech and you are looking at getting a foreign remote job or you want to move abroad? Fill this form and you will get the BEST resources to help you get that high paying remote job as well as japa easily! WAGMI!

Notify of
Inline Feedbacks
View all comments

Recent News

Kenya’s digital products for PwDs

Kenya’s digital products for PwDs

On #TechpointDigest, Victoria Fakiya (@latoria_ria) discusses what Jumia’s partnership with CGAP could mean, and Kenya’s digital products for people with disabilities.

Reclaiming stolen African artefacts

Reclaiming stolen African artefacts

On #TechpointDigest, Victoria Fakiya (@latoria_ria) discusses how Traction wants to stop fake alerts, Canza Finance’s journey, Esaal’s $1.7m seed round, and JABU’s $15m series A.

[PODCAST] Relooting African art with NFTs

[PODCAST] Relooting African art with NFTs

What do you think about an NFT project that wants to reclaim Africa’s lost artefacts? Well, the editorial team had some interesting thoughts, and you can listen to this and other stories on today’s episode of #TechpointAfricaPodcast.

$2 million to drive learning via WhatsApp 

$2 million to drive learning via WhatsApp 

On #TechpointDigest, we discuss how major players in the African mobility space can change the mobility narrative, FoondaMate’s $2 million funding, Twitter Create, and AMP’s $5.6 million seed round.

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Blockchain Explorer

Analysis oninnovation, regulations, and trends inthe blockchain sector, as it concerns Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap