By Ijeoma Olorunfemi, News Agency of Nigeria (NAN)
As the world continues to morph into a global village, interaction and transactions are fast moving into the digital arena. In modern era, the internet has become the centre piece of financial, social and economic interaction.
E-governance, e-banking, interconnectivity, among others are the order of the day. Against this background, the importance of data protection and safeguarding internet users’ privacy has become critical.
Governments, financial institutions, businesses, individuals need to realise and prioritise robust data protection measures to build online trust, secure the cyber space and work towards the development of digital economy.
The Nigeria Data Protection Commission (NDPC), Nigeria’s cyber protection Caesar has recorded strides in ensuring the regulation of data protection, building capacity of data protection officers and licensing Data Protection Compliance Organisations (DPCO).
By so doing, it is positioning Nigeria at the apex in data protection governance in Africa.
A review of the commission’s activities in 2025 showed that one of the landmark achievements was the domestication of Data Protection Officers’ (DPOs) certification, a move aimed at strengthening professional competence within the data protection ecosystem.
Dr Vincent Olatunji, National Commissioner, NDPC, said the commission domesticated certification for Data Protection Officers (DPOs) with the inauguration of the National Certification Programme.
This saw the training of 500 DPOs in the first cohort which targeted bridging the deficit in data protection.
“This domestication reduced pressure on the naira by limiting the need to purchase foreign currency for international certification.
“The training was geared towards bridging digital skills gap as projected by the World Economic Forum that said 92 million jobs would be lost in six years,’’ he told the News Agency of Nigeria (NAN).
The commission, also after a survey of data controllers and processors found that no fewer than 500,000 data controllers and processors lacked requisite skills to certified as DPOs.
Olatunji said the commission certified hundreds of DPOs nationwide which had significantly expanding Nigeria’s pool of qualified privacy professionals and supporting the effective implementation of the Nigeria Data Protection Act (NDPA) across sectors.
NDPC also hosted the Network of African Data Protection Authorities (NADPA) conference and annual general meeting, thereby promoting continental cooperation, knowledge exchange, and alignment of data protection regulatory frameworks among African data regulators.
Themed: “Balancing Innovation, in Africa: Data Protection and Privacy in Emerging Technologies,’’ the conference drew participants from no fewer than 30 African countries, Europe, Asia, Middle East and the U.S.
The data protection commission seems to be on top of the game but challenges persist.
An ICT expert, Mr Jide Awe, canvassed targeted awareness campaigns to raise education on data protection.
Awe, also a Science, Technology and Innovation (STI) Policy Advisor, gave the recommendation on Friday in an interview with the News Agency of Nigeria (NAN) in Abuja.
“Many people are not aware of the right to access, control their personal information, the potential risks associated with data breaches and misuse.
“Targeted awareness campaigns are recommended; tailored to different groups considering their specific risks and needs,” says Awe, a Science, Technology and Innovation (STI) Policy Advisor in a media report.
But Olatunji says the commission has inaugurated its Virtual Privacy Academy (VPA), a Nollywood-styled initiative tailored to deliver structured online training, awareness programmes and professional development courses to build data protection and expand privacy education.
“The NDPC received study tour delegations from eight African countries, shared Nigeria’s regulatory experience, institutional frameworks, practical lessons in establishing and operating an effective data protection authority.’’
In July 23, Somalian Data Protection Authority came on a study tour to Nigeria, Uganda Data Protection Authority also visited in August 5, while Botswana, Kingdom of Eswatini, Mozambique, Sierra Leone, Tanzania and the Gambia also came for study tour in September.
Part of the regulations initiated by the commission included NDP-Act General Application and Implementation Directive to provide regulatory clarity, operational guidance and enforceable standards for compliance with the NDPA.
Olatunji recalled the commission also facilitated the translation of the NDPA into the three major local languages of the country, Igbo, Hausa and Yoruba to improve accessibility and provide better understanding of data protection to citizens even to the grass root level.
“NDPC conducted targeted capacity-building programmes for Ministries, Departments, and Agencies to enhance institutional compliance, data governance practices and the responsible handling of citizens’ personal data.
“The commission received multiple recognitions, including Outstanding Data Protection Authority of the Year at the Picasso Awards Africa, affirming its leadership, regulatory impact, and commitment to data protection excellence,’’ he said.
The National Commissioner said the commission signed series of Memoranda of Understandings with different institution to boost its data privacy protection campaigns.
They include Data and Knowledge Information Privacy Protection initiative, Master Card, Digital Africa Consult, Bauchi State Government, Smart Comply Technologies Solutions Limited and the Information Systems Audit and Control Association (ISACA).
He reiterated the commission’s commitment to build crop of citizens, data subjects who were aware of how to deal with their information, data, while supporting innovation and digital growth.
There is also the issue of legislative frameworks which many experts say remains weak.
According to Alabi Sunday, former chairman of the Nigeria Computer Society Abuja Chapter, collaboration in the key to addressing this challenge
“There should be collaboration with media outlets, schools, and community organisations to reach a wide audience.
“The relevant stakeholders should invest in training programmes for government officials, businesses, and individuals to enhance their understanding of data privacy principles and practices and encourage the development of local expertise in data protection.
He also advocated the establishment of mechanisms for monitoring and enforcing compliance with data protection laws and imposing penalties for organisations that failed to adequately protect personal data or violate data protection regulations.
“There should be policies that require certain types of sensitive data to be stored locally to ensure better control and protection.
“By addressing these areas, the Nigerian government and stakeholders can contribute to a more robust and privacy-conscious environment for individuals and businesses alike,” he said.
“Many people are not aware of the right to access, control their personal information, the potential risks associated with data breaches and misuse.
“The Nigeria Data Protection Strategic Roadmap and Action Plan (NDP-SRAP) 2023-2027, charts Nigeria’s course on data privacy and building a trusted digital ecosystem.
“It outlines specific steps to address awareness and capacity building and a multifaceted approach in line with these strategies could be highly effective.
“Targeted awareness campaigns are recommended; tailored to different groups considering their specific risks and needs.’’
“With the developments in digital communication and social media, users’ personal data have been more exposed to the public than before,” he said.
However, Abdulmalik Muhaimin of Chesslaw Consult, said though more frameworks were needed the most important was the religious enforcement of available data protection laws.
He spoke at the 7th Privacy Symposium, Africa, held in Lagos State, Nigeria, with the theme, ‘Bridging Policy, Technology and Societal Dynamics.
The event was organised by Unwanted Witness and co-hosted by the NDPC, National Data Protection Commission of Centre for Information Technology and Development (CITAD) and Data Protection Lawyers Association of Nigeria (DPLAN)
“One of the things we should consider is a uniform data privacy law to help with compliance obligations so that organisations don’t have to start checking what the specific differences are”, he said. (NANFeatures)
