Techpoint Africa is now NDPR compliant; here’s how we beat the June 30 deadline

by | Jul 7, 2020

In line with the provisions of Nigeria’s National Information Technology Development Agency (NITDA), Techpoint Africa has fulfilled compliance requirements for the Nigeria Data Protection Regulation (NDPR).

The NDPR, which was released on January 25, 2019, provides a broad framework for safeguarding the rights of individuals to data privacy.

Individuals and businesses alike are gradually moving online. But surfing the web without regards to data privacy is like going onto a battlefield without any armour.

Though most people do not seem to care who has access to their data, in this article, we peeked into the mind of a hacker to understand why data privacy should be taken seriously.


In January 2019, NITDA set a three-month deadline for NDPR compliance. However, one month after the deadline, several startups had still not met the requirements.

The ICT development agency has since made other deadlines for companies to comply, with June 30, 2020, being the most recent.

Techpoint Africa has gone through the regulatory compliance check and we discovered that the NDPR compliance is a continuous process.

In a chat with Enyioma Madubuike, co-founder of Lawrathon; and Muyiwa Matuluko, our co-founder, they reveal how we beat the June 30 deadline.

Why is being NDPR compliant important for Techpoint Africa?

Based on this earlier article, any company that processes personal data is recognised as a data controller. When NITDA released the NDPR, some organisations might have wondered if it applied to them.

“Even before the NDPR was instituted, Techpoint Africa has always taken data privacy seriously,” says Muyiwa Matuluko, co-founder and editor-in-chief of Techpoint Africa.

This is linked to the fact that Techpoint Africa handles the data of past event attendees, those who have purchased our reports, data of team members, and subscribers, etc.

Who was involved in the check?

It involved a licensed Data Protection Compliance Organisation (DPCO) sanctioned by NITDA to submit the final audits. In our case, it was TechHive Advisory. Lawrathon partnered with the DPCO to make this happen.


How much did it cost?

Submitting to NITDA costs ₦50,000 ($129.79). In addition to that, the DPCO charges a fee, that you both agree on, to interface with NITDA on your behalf.

What were the steps involved?

The compliance check involved a thorough audit of Techpoint Africa’s data flow processes. Madubuike reveals that the NDPR compliance check involved quite a number of processes.

“Lawrathon started with an audit of the Company’s data flow processes. This means that we sought to understand how the Company collects, uses, shares, transfers, and exchanges data both within and outside the Organisation. This involved interviewing every department to get a view of their data practices,” he explains.

“The preliminary audit revealed gaps within the Company’s data handling processes which led to the development of new policies, creation of new processes, and knowledge development schedules to keep key employees informed of best practices.”

What kind of data was analysed?

The compliance check involved analysing different types of personal data, which warranted different kinds of safeguards and policies.

“We analysed personal identifiable information collected and used by the Organisation,” says Madubuike.

Personally identifiable information (PII) is any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records.

Also falling under PII is any other information that is linked or linkable to an individual, such as medical, educational, financial, or employment records.

Examples of PII include, but are not limited to:

  • Name: full name, maiden name, mother’s maiden name, or an alias.
  • Personal address information: street address or email address.
  • Personal telephone numbers
  • Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting.
  • Biometric data: retina scans, voice signatures, or facial geometry.
  • Information identifying personally owned property: VIN number or title number.
  • Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person.

How long did the NDPR compliance check take?

The compliance check process took about two weeks.

“We started in the middle of June and submitted the final audit to NITDA by the 26th,” Madubuike reveals.

Did it bring any change in privacy policies?

Lawrathon updated Techpoint Africa’s privacy policies, data protection, and retention policies.

“We are also looking to incorporate best practice in data handling within the organisation through constant training and internal self-reporting procedures,” Madubuike says.

What safeguards were put in place?

Proper data breach detection process and the appointment of a data protection officer (DPO).

As a consequence of the audit, Techpoint Africa is looking to set up better systems for personal data collection, use, and transfer. Also, the appointment of a data protection officer within the Organisation will ensure proper processes for data breach detection and notification are in place.

According to Madubuike, the DPO will also lias with the DPCO on behalf of the company.

“We did a full data flow mapping of Techpoint Africa’s data collection, processing, storage, and transfer flow. We prepared a full audit report for the team. We also prepared a new privacy policy and data protection/retention policy as we set up internal processes to ensure data privacy best practice,” Madubuike explains.

“We are definitely more conscious of how we particularly handle offline data now. Thankfully, we have a safe but there are still a few processes and systems we need to put in place,” Matuluko explains.

Is the compliance process over?

No, it is an ongoing process.

While Techpoint Africa has met the requirements to audit its handling of personal data in line with NITDA regulations, compliance is an ongoing process. Yearly data privacy audits have become a requirement for Nigerian companies and Techpoint Africa, like many other similar companies, must continue to tune its systems to attain best data privacy practices.

Featured Image Credit: wuestenigel Flickr via Compfight cc

Emmanuel Paul
Emmanuel Paul

Writer and narrator of technology, business and policies in Africa . Looking to chat? Catch up with me (@eruskkii) on Twitter or send a mail to

Are you in tech and you are looking at getting a foreign remote job or you want to move abroad? Fill this form and you will get the BEST resources to help you get that high paying remote job as well as japa easily! WAGMI!

Notify of
Inline Feedbacks
View all comments

Recent News

Kenya’s digital products for PwDs

Kenya’s digital products for PwDs

On #TechpointDigest, Victoria Fakiya (@latoria_ria) discusses what Jumia’s partnership with CGAP could mean, and Kenya’s digital products for people with disabilities.

Reclaiming stolen African artefacts

Reclaiming stolen African artefacts

On #TechpointDigest, Victoria Fakiya (@latoria_ria) discusses how Traction wants to stop fake alerts, Canza Finance’s journey, Esaal’s $1.7m seed round, and JABU’s $15m series A.

[PODCAST] Relooting African art with NFTs

[PODCAST] Relooting African art with NFTs

What do you think about an NFT project that wants to reclaim Africa’s lost artefacts? Well, the editorial team had some interesting thoughts, and you can listen to this and other stories on today’s episode of #TechpointAfricaPodcast.

$2 million to drive learning via WhatsApp 

$2 million to drive learning via WhatsApp 

On #TechpointDigest, we discuss how major players in the African mobility space can change the mobility narrative, FoondaMate’s $2 million funding, Twitter Create, and AMP’s $5.6 million seed round.

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Blockchain Explorer

Analysis oninnovation, regulations, and trends inthe blockchain sector, as it concerns Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap