1. Establishment of the Bureau
In due cognizance of the emerging international norm in respect of safeguarding the rights of data subjects to privacy as well as strengthening data sovereignty through adequate Data Protection framework, the President and Commander-in-Chief, Muhammadu Buhari, GCFR approved the creation of the Nigeria Data Protection Bureau on the on 4th Of February 2022.
2. Mandate of the Bureau
Implementation of the Nigeria Data Protection Regulation (NDPR) and regulation of the processing of personal information to guarantee the rights, privacy, and freedoms of Nigerians in the global digital economy.
3. Objectives of Nigeria Data Protection Regulation (NDPR)
The Objectives of the NDPR being implemented by the Bureau are as follows:
- To safeguard the rights of natural persons to data privacy.
- To foster safe conduct for transactions involving the exchange of Personal Data.
- To prevent manipulation of Personal Data; and
- To ensure that Nigerian businesses remain competitive in international trade through the safeguards afforded by a just and equitable legal regulatory framework on data protection and which is in tune with best practice.
We were formally established on the 4th of February 2022. However, we were able to accomplish a considerable level of traction over the past few months. Please find below our list of achievements:
i. Official Launch of Nigeria Data Protection Bureau (NDPB) Logo, Website, and Core Values:
ii. Capacity Building for NDPB staff:
The Bureau in partnership with key organisations conducted the following key capacity-building trainings for NDPB Staff:
- Huaweii Training on Government Cloud Implementation and Data Protection Implementation Regulation.
- Infoprive Training on Data Protection and Data Privacy
- Mastercard Training on Data Protection and Cyber-Security.
- Soft Skills Training facilitated by Dr. Noel Akpata.
- Institute of Information Management Training in Records and Information Management.
- Media Campaign Training by SIDMACH
- Training on Public Service Regulatory Framework by Oluwole Edun
- Training on Data Protection and Cyber-Security by Meta
- Training on Data Privacy and Protection by NCC in partnership with
- Training on Privacy Information Management Systems by Digital Encode
iii. Capacity Building Training for key organizations:
- Data Protection and Privacy Training for staff of Nigeria Television Authority
- Data Protection and Privacy Training for staff of Federal Polytechnic Owerri (to be conducted)
- Data Protection and Privacy Training for staff of Voice of Nigeria (to be conducted).
- Data Protection and Privacy Training for Office of the Secretary to the Government of the Federation. (to be conducted).
iv. Visits to Key Data Controllers in the country:
Since the creation of the Bureau, it has embarked on strategic engagements and consultations with stakeholders (professionals, civil society organizations, development partners, the international community, etc.) to raise awareness on Data Protection and Privacy in the country. The Bureau has visited over 35 data controllers thus far. Some of which are listed below:
- National Identity Management Commission (NIMC).
- Ecosystem Coordination and Strategic Unit (ECSU)(ID4D).
- Nigeria Postal Service
- National Insurance Commission (NAICOM)
- Embassy of Finland
- Corporate Affairs Commission
- Federal Competition & Consumer Protection Council
- National Pension Commission
- Federal Mortgage Bank
- Securities and Exchange Commission (SEC)
- Nigeria Social Insurance Trust Fund (NSITF)
- National Health Insurance Authority
- Office of the Accountant General
- Nigeria Police Force
- Nigeria Defence College
- Nigerian Television Authority
- Voice of Nigeria
- National Lottery Regulatory Commission
- Independent Corrupt & other Related Offences Commission
- National Orientation Agency
- Nigeria Defence College
- Nigeria Television Authority
- Nigerian Communications Satellite Limite (NIGComSat).
- Office of the Secretary to the State Government
- Central Bank of Nigeria.
v. Registration of New Data Protection Compliance Organisations (DPCOs):
The Bureau currently has 103 Licensed DPCOs offering auditing, training, and consulting on data protection and privacy services. In order to meet the growing needs of the ecosystem, we have gone ahead to begin the registration of new Data Protection Compliance Organisations (DPCOs) through the NDPB Portal- (app.ndpb.gov.ng). The Bureau has set a target of registering forty-seven Data Protection Compliance Organisations before the end of the year.
vi. Enforcement Activities:
Sequel to the raid on Soko Loan that was conducted by the Federal Competition and Consumer Protection Commission (FCCPC), National Information Technology Development Agency (NITDA), Independent Corrupt Practices Commission (ICPC) and the NDPB in conjunction with the Nigeria Police Enforcement team on the 11th of March, 2022, FCCPC and NDPB identified the need to sign a Memorandum of Understanding to create a Joint-Task Force to continue to protect the best interests of Nigerian citizens. The Joint-Task Force with FCCPC was inaugurated on the 3rd of June 2022 and is currently working together to identify the best ways to curb the activities of lending companies in the country.
The Bureau has also issued out compliance notices to various organizations across sectors such as the telecommunication, finance, and health industries. We are also working with the Police investigation team to conduct investigations against companies that have violated the provisions of the NDPR.
vii. Development of Nigeria Data Protection Act:
The Nigeria Data Protection Bureau in collaboration with World Bank, European Investment Bank and French Development Agency, and other relevant partners are working closely together to develop and ensure the passage of the Nigeria Data Protection Act. We have conducted various policy dialogues and engagements with key stakeholders to review the Data Protection Bill.
viii. International Collaborations:
The National Commissioner has attended several international events to speak about Data Protection and Privacy in Nigeria these events include: Data Protection Conference 2022 in Kenya, ID4Africa Annual General Meeting and Conference in Morocco. The Bureau is also engaging with key organizations such as European Union, African Union, Bill and Melinda Gates Foundation, Network of Africa Data Protection Authorities, Meta, Google, Mastercard etc and is exploring means of partnerships to promote the data protection and privacy ecosystem in Nigeria.
ix. Development of the Strategic Road Map Action Plan 2023-2027
The Bureau has also completed its first draft of its Strategic Road Map Action Plan 2023-2027. The SRAP document is a 5-year strategic roadmap (2023-2027) for the Bureau and the country in line with the Fundamental Objectives and Directive Principles of State Policy, Chapter 2 1999 Constitution of the Federal Republic of Nigeria; National Digital Economy Policy and Strategy; Nigeria Data Protection Regulation (NDPR) 2019; NDPR Implementation Framework and other local or international instruments that the Committee may consider appropriate.
The committee is led by the chairmanship of Mr. Abdul-Hakeem Ajijola and is currently working on conducting a validation workshop to engage stakeholders to review and amend the first draft.
It should be noted that the Bureau’s core values are: Accountability, Integrity, Fairness, and Transparency. In order to promote the digitization of government services, we encourage people to contact us using the official email addresses and phone numbers, but we nevertheless have an open-door policy that permits individuals to drop in and discuss issues and receive clarification. Furthermore, the Bureau has a fully functional website; www.ndpb.gov.ng which provides our contact information and social media handles. Members of the public may follow NDPB on our social media platforms by clicking on the links below: