Speaking during the signing of the MoU with the Bureau of Public Procurement, Dr Vincent Olatunji, the national commissioner/CEO, NDPC, commended the leadership of the BPP for prioritising privacy and data governance.

He stated:

“Data privacy is a global imperative for building trust, confidence, and credibility within the digital ecosystem. The NDPC remains committed to supporting the integration of robust data protection standards within Nigeria’s procurement sector.”

In his remarks, Dr Adebowale Adedokun, director-general of the BPP, reaffirmed the Bureau’s commitment to ethical data management and compliance with global best practices.

In his words:

“We recognise that the unlawful disclosure of government information is a criminal offence. As we embrace technology, there is a growing need to strengthen safeguards for the protection of sensitive information.”

As part of the collaboration, Dr Olatunji offered 50 Virtual Privacy Academy vouchers to BPP staff to support capacity development in data protection and privacy.

Dr Adedokun welcomed the initiative and proposed broader training opportunities for the Bureau’s 453 procurement officers nationwide.

In a related development, the NDPC also signed an MoU with the Nigeria Governors’ Forum (NGF) to deepen data protection and privacy at the state level.

Speaking at the signing ceremony, Dr Olatunji commended the leadership of the NGF for its readiness to partner with the Commission in advancing responsible data governance at the state level.

He said:

“Compliance with data protection obligations is critical to strengthening privacy frameworks across our states, thereby accelerating nationwide adoption, enhancing investor confidence, as well as foreign direct investment.”

Dr Abdulateef Shittu, director-general of the NGF, reaffirmed the Forum’s commitment to strengthening data protection and privacy across the states.

In his words:

“This partnership with the NDPC is a strategic step towards securing Nigeria’s digital ecosystem and advancing responsible data governance at the subnational level.”

To ensure effective implementation of both agreements, working groups were established by the NDPC with the BPP and the NGF respectively to develop actionable frameworks for swift implementation.

The companies under investigation cut across some of Nigeria’s most sensitive industries. They include 795 financial institutions, 392 insurance brokers, 35 insurance companies, 10 pension firms, and 136 gaming operators. Each has been given 21 days to prove compliance or risk sanctions.

According to a statement signed by Babatunde Bamigboye, head of Legal, Enforcement and Regulations at the NDPC, the affected organisations must present evidence of their 2024 compliance audit returns, the appointment of a Data Protection Officer with full contact details, as well as technical and organisational safeguards they have put in place. 

They are also expected to confirm registration as a “data controller or processor of major importance.”

“These organisations are required to within 21 days of issuance provide evidence of filing NDP Act Compliance Audit Returns for 2024, evidence of designation or appointment of a Data Protection Officer, including name and contact details. 

“They are also to provide summary of technical and organisational measures for data protection within the organisation and evidence of registration as a data controller or processor of major importance,” the Commission stated.

The Commission argues that such enforcement is necessary to secure citizens’ rights under the 1999 Constitution and to strengthen trust in Nigeria’s digital economy. The NDPC says that failure to comply could trigger fines, enforcement orders, or even criminal prosecution as stipulated under the NDPA.

This latest development comes weeks after Multichoice Nigeria was fined ₦766.2 million for data protection violations, the biggest penalty imposed so far. 

The pay-TV operator was found guilty of intrusive data practices, unauthorised cross-border transfers, and processing subscriber and non-subscriber data without proper consent.

National Commissioner, Dr Vincent Olatunji, explained that the Commission operates a remediation-first approach to enforcement. He noted that businesses willing to correct violations are given an opportunity to do so before penalties are applied.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise? It’s only when an organisation is unwilling to comply with the law that we are forced to impose sanctions,” he said.

Experts believe the Commission’s growing assertiveness shows a turning point. For years, compliance was largely voluntary, but this change shows that regulators are no longer content with awareness campaigns. 

The NDPA, modelled after global standards such as the GDPR, is designed both to protect Nigerians’ personal data and also to give local firms credibility in regional and international markets.

Held at the International Conference Centre, the Conference revealed Enugu State’s full-scale launch into regulatory revolution to bolster the gaming sector, while being at the fore.

The State has its focus on digital infrastructure, ethical clarity, and inter-agency collaborations, not waiting for federal alignment, but building its own to thrive without limitations.

The National Data Protection Commission (NDPC) delivered a keynote, warning that Nigeria’s decentralised regulatory space would collapse without shared standards for privacy, security, and accountability.

“Effective data is the backbone of engagement and revenue. With this rise in interdependency comes heightened risk of violent intent, financial fraud, unauthorised profiling and child exploitation,” Dr Vincent Olatunji, national commissioner/CEO, NDPC, represented by Alexander Onwe, officer at the Commission.

The NDPC offered capacity-building partnerships and proposed a sector-specific compliance framework for the gaming industry. It also urged the Governor of Enugu to formalise collaboration with the Commission under President Tinubu’s National Digital Economy Policy.

“If we want a future where the Nigerian gaming industry thrives globally, we must build it on privacy, compliance and regulatory unity. In this digital age, trust is the new currency.”

Also speaking at the conference, Executive Secretary of the Enugu Gaming and Lotto Commission, Prince Arinze Arum, said, “We must be honest with ourselves. The Nigerian gaming industry is at a critical juncture. The conversations are no longer just about enforcement. They are now about jurisdiction, innovation, technology, cross-border collaborations and, most important, structure.”

Arum emphasised that centralised control had failed, and that state-level innovation and regulation must rise to meet current complexities. He highlighted that over half of Nigerian states don’t even have a gaming commission, allowing for extortionate practices under the guise of enforcement.

“Effective regulation is not just a legal mandate. It is an enabler of innovation, investment and public trust.”

Industry Speaks: Too Many Laws, Not Enough Clarity

At breakout sessions and panels, operators, developers, and legal experts stress that:

• Multiple licensing requirements across states are crippling operational efficiency.
• Some regulators are unaware of current CAC document standards or outdated EFCC compliance practices.
• In Imo State, gaming companies were fined ₦110 million by the environmental agency over “gaseous emissions”, a charge totally unrelated to their line of business.
• There’s still rampant illegal betting, worsened by lack of coordination and weak digital oversight.

Industry experts called for:

• A central compliance portal for gaming firms to submit documents to EFCC, NDPC, FIRS, etc.
• Pre-warning systems for regulatory breaches instead of first-strike penalties.
• A unified API and CMS standard for state monitoring systems to reduce tech duplication and regulatory fragmentation.

Responsible Gaming and Social Protection

A dedicated panel on responsible gaming noted how much more Nigeria needs to do. Stakeholders stressed that public education, addiction services, and data-driven self-exclusion systems were all lacking.

Prince Arum revealed that a Responsible Gaming Law was recently passed by the State House of Assembly and would soon be implemented. However, he warned:

“Responsible gaming must not be seen as a new avenue to tax the industry. It should be about clear objectives and genuine player protection.”

Experts also called for:

• Use of AI to monitor harmful player patterns;
• State-funded campaigns similar to the UK’s GambleAware;
• Creation of a national exclusion registry shared across operators and states.

What’s Next: A Five-Year View

Looking at what’s next, industry leaders identified that the sector can’t thrive without economic stability.

“If disposable income continues to fall, gaming will be seen less as entertainment and more as survival—which erodes trust and damages perception.”

The sector is hopeful that a centralised multi-state licensing regime, led by the Federation of State Gaming Regulators, will be fully operational within a year.

In closing, Arum said: “The future of Nigeria’s gaming landscape will not be built by passive observers. It will be shaped by those in this room, those who recognise that compliance and innovation are not in conflict.”

This initiative, the first of its kind in the country, is aimed at professionals across sectors and shows a sharpened focus on regulation as the economy becomes more digitised.

The launch, which coincided with the 8th annual conference of the Network of African Data Protection Authorities (NADPA) in Abuja, was led by Dr Bosun Tijani, minister of Communications, Innovation and Digital Economy. He wasted no time in stressing the weight of the move.

“As we digitise government services, open up digital trade corridors, and scale digital identity platforms, data becomes the backbone and data protection, the shield,” he said during the event.

From where we stand, this academy is a response to a reality where data breaches, identity theft, and privacy violations are no longer rare headlines but daily threats. 

The Nigeria Virtual Privacy Academy brings practical, accessible training on cybersecurity and data governance for everyone—from government workers to young tech professionals. The idea is to build digital resilience through knowledge, not just laws.

Vice President Kashim Shettima, represented at the event by Senator Ibrahim Hadejia, noted that the Federal Government views data not merely as code or numbers, but as something deeply human. “Data is more than just a digital asset,” he said. “It is a human story told in numbers.”

Nigeria has gone beyond just trying to keep up with international best practices, it’s now attempting to create a regulatory system that matches the velocity of technological change.

To this end, the Vice President pointed to several milestones. He recalled how President Tinubu, only two weeks into office, signed the Nigeria Data Protection Act into law.

This was followed by Nigeria’s endorsement of the Malabo Convention on Cybersecurity and Personal Data Protection earlier this year. The General Application Implementation Directive for the Act also came into effect just two months ago.

“Our data protection ecosystem is now directly tied to the delivery of the eight presidential priorities of this administration,” Shettima noted.

Beyond national borders, Nigeria is pushing for a continent-wide alignment. The Chairperson of NADPA, represented by Vice President Immaculate Kassiat, called for shared standards across African countries, emphasising the urgency of regional cooperation in an era where data knows no boundaries.

On his part, Dr Vincent Olatunji, national nommissioner of the Nigeria Data Protection Commission (NDPC), offered insight into what has already been achieved.

The numbers were telling; over 5,000 compliance assessments, 223 investigations, 12 organisational remediations, and upwards of $1.2 million generated in regulatory fees in just two years.

“We’ve signed MOUs with data protection authorities across Africa and are creating a regulatory environment that encourages innovation while safeguarding citizens,” Olatunji said.

Still, he warned, not every African nation has caught up. Many countries on the continent remain without concrete data protection laws, a vacuum he believes could weaken Africa’s digital future.

“Strong data protection frameworks are not barriers to innovation, but enablers of a resilient and inclusive digital economy.”

The conference, themed “Balancing Innovation in Africa: Data Protection and Privacy in Emerging Technologies,” convened more than 30 African nations, with international observers from Europe, the Middle East, Asia, and the United States.

It was a mix of public declarations and backroom strategy—an attempt to shape how the continent handles one of its most valuable currencies: data.

Inga Stefanowicz, speaking on behalf of the European Union, reiterated the EU’s support for Africa’s evolving data governance ecosystem. And while partnerships are welcome, the message from Nigerian officials stressed that we can’t afford to wait for global consensus to protect what’s already ours.

With the academy now live and the NDPC expanding its reach, Nigeria is now increasing focus on a sector usually overlooked until something goes wrong. This reiterates that digital trust is not optional, but built into the code.

The NDP Act – General Application and Implementation Directive (NDP Act-GAID) 2025, is a comprehensive framework designed to execute data privacy laws and protect citizens’ personal information.

Speaking at a press conference in Abuja, NDPC’s National Commissioner and CEO, Dr Vincent Olatunji, said there’s no room for ambiguity. “No organisation can feign ignorance of its obligations under the law.” With this directive, companies must now embed data protection into their operations or face serious consequences.

The directive is the result of over a year of extensive work. After President Bola Ahmed Tinubu signed the Nigeria Data Protection Bill into law on 12 June 2023, NDPC moved swiftly to create a framework that ensures compliance across all sectors.

A National Committee of legal and technical experts was established in September 2023 to draft the directive, with broad consultations held across Lagos and Abuja.

The final document outlines clear regulations in 14 key areas, covering lawful data processing; privacy rights; cross-border data transfers; AI ethics; data protection officer training and certification; and standardised grievance redress mechanisms.

One of the most noteworthy changes is the introduction of the Standard Notice to Address Grievance (SNAG), which allows individuals to challenge privacy breaches directly with data controllers before escalating complaints to NDPC. 

Dr Olatunji stressed the importance of this, stating, “We have fully democratised privacy breach remediation process for data subjects.” He further explained that with the automated SNAG system, “Over 230 million Nigerians are now our immediate and direct partners in ensuring adequacy of data protection in Nigeria.”

Organisations have six months to comply, with full enforcement beginning in September 2025. Financial penalties and compliance fees will take effect from January 2026. NDPC has made it clear that failure to comply will not be tolerated.

Dr Olatunji reinforced the importance of accountability, saying, “The need to hold data controllers and data processors accountable for their acts and omissions which affect the rights of others cannot be gainsaid.” This directive forces businesses to adopt privacy-by-design principles, making data security an integral part of their operations rather than an afterthought.

To help organisations meet these requirements, NDPC will provide guidance notices, training sessions, and advisory updates. The Commission also intends to gather ongoing feedback to refine the directive where necessary.

Dr Olatunji appreciated the Federal Government, particularly President Tinubu and the Minister of Communications, Innovation, and Digital Economy, Dr Bosun Tijani, for their support. However, he made it clear that the real work lies ahead: “Going forward, we shall be providing guidance notices and advisories to illustrate the requirements of the law towards deepening the culture of data privacy and protection.”

Part of an enforcement by the Nigeria Data Protection Act (NDPA), the goal is to strengthen data security and accountability in the country.

At a press briefing in Abuja, NDPC’s Chief Executive Officer, Dr Vincent Olatunji, confirmed the ongoing probe, stating, “As we speak, we have even gone to the extent of investigating multinationals. We are currently investigating TikTok and Truecaller in the area of data privacy.”

The commission is assessing whether these global platforms comply with Nigeria’s data protection regulations. If violations are found, the companies could be required to implement corrective measures. Olatunji clarified that the NDPC’s approach is not to impose immediate penalties but to guide organisations toward compliance.

When the NDPC first started monitoring data protection compliance, only 4% of companies in Nigeria adhered to the regulations. However, through sustained enforcement and stakeholder engagement, compliance levels have now risen to over 55%. This shift shows the level of awareness when it comes to data privacy among businesses operating in Nigeria.

Unlike regulators that immediately impose fines, the NDPC first evaluates the severity of breaches and their impact on individuals and the economy. Organisations found to be non-compliant are given specific steps to rectify their lapses. They must maintain proper records of data processing activities, and the commission monitors their progress for six months to a year.

While the NDPC prefers remediation over punitive action, Olatunji warned that stricter enforcement would be applied when necessary.

Beyond investigations, the NDPC has also introduced the Nigeria Data Protection Act – General Application and Implementation Directive (NDP Act-GAID), a detailed framework to help businesses comply with the law. This directive covers key areas such as data protection principles, legal grounds for processing personal data, cross-border data transfers, and mechanisms for handling grievances.

A highlight is the introduction of the Standard Notice to Address Grievance (SNAG), which allows individuals to demand corrective action from companies handling their data—without first involving the NDPC. Olatunji stated that this empowers Nigerians to take charge of their data privacy, holding businesses accountable in real-time.

Full implementation of the directive will commence in September 2025, with a six-month transition period for businesses to align with the new requirements. Provisions related to fees will take effect in January 2026.

The NDPC has assured that it will continue to provide advisory notices and training programmes to ensure that Nigeria’s data protection culture stays strong even as technology brings changes.

Techeconomy gathered that the purpose of the meeting was to explore collaboration between these industry giants and the Commission. 

The tech giants acknowledged that a key pillar of the Commission’s strategic roadmap is collaboration, and expressed their interest in aligning with this vision.

They emphasised the value of leveraging their expertise and insights, alongside those of the Commission, to support its mandate.

It was also noted that this partnership would serve as a platform for knowledge sharing, capacity building, and exchanging perspectives between industry practitioners and the Commission.

In his response, Dr Olatunji expressed his delight at the prospect of collaborating with global tech giants. He highlighted the Commission’s existing partnerships with various organisations, both within Nigeria and internationally, which have contributed to its success.

The NDPC CEO stressed the importance of synergy between the public sector, private sector, civil society groups, and academia. He warmly welcomed the collaboration offer and emphasised that it should be aligned with the Commission’s Strategic Roadmap and Action Plan (SRAP) 2023–2027.  

This initiative, which fosters partnerships between industry working groups and the government, will be the first of its kind in Africa. 

The next step discussed was the formation of a working group and the development of a terms of reference to guide the collaboration.

During the signing ceremony, Engr. Ayodele Olawande, minister of State for Youth Development, commended the initiative, along with the opportunities being created for jobs and wealth creation by NDPC under the leadership of the National Commissioner/CEO, Dr Vincent Olatunji. 

“No less than 80% of human capital development under the administration of the President is targeted at youths and this initiative is aimed at equipping 5,000 youths with the requisite technical skills for new jobs in the data protection ecosystem,” the Minister said.

While explaining the importance of the training, Dr Olatunji emphasized the importance of building trust and confidence as Nigeria repositions her economy to attract foreign direct investment. 

“Investors will be eager to do business in Nigeria if we are able to demonstrate accountability in relation to their data assets. There are at least 500,000 data controllers in Nigeria who are required to have at least one data protection officer each. Nigerian youths now have a great opportunity to become professionals to take up the estimated 500,000 new jobs in the ecosystem.

“In addition, we are also making sure that the subsequent certification will not be a burden on our foreign exchange. We have already licensed an in-country certification body that will issue globally recognized certificates to eligible trainees.” Dr. Olatunji stated.

On his part, the Permanent Secretary, Federal Ministry of Youth Development, Mr. Olubunmi Olusanya, lauded NDPC for its quest for data privacy and protection and asserted the preparedness of the Ministry to set the necessary machinery in motion in order to make the collaboration a success.   

The sanctions, announced by the National Commissioner Dr Vincent Olatunji, are part of an initiative to enforce the Nigeria Data Protection Act 2023 and safeguard personal information.

The NDPC’s action targeted four major banks and three additional institutions, penalized for breaches of data protection regulations. Dr Olatunji noted that these measures are in line with the government’s goal to maintain strict data protection standards.

Since the implementation of the Nigeria Data Protection Act 2023, the NDPC has conducted over 1,000 investigations across various sectors, including financial services, education, insurance, and consultancy. 

Of these, approximately 400 cases involved digital lending companies, often referred to as loan sharks. These investigations bring to light the widespread issues in data handling practices across multiple industries.

Dr Olatunji spoke on a noteworthy improvement in compliance with data protection laws, and private sector adherence rising from 49% to over 55%, while public sector compliance increased from 4% to 15%. This progress is attributed to the NDPC’s ongoing works to promote awareness and enforce regulations rigorously.

During a recent session with journalists in Abuja, marking the first anniversary of the Nigeria Data Protection Commission Act, Dr Olatunji reiterated the NDPC’s focus on protecting citizens’ data. He highlighted that the agency’s efforts are pointed towards creating a secure data ecosystem, now valued at over N10 billion.

The NDPC has also announced plans to hold chief executives of government ministries, departments, and agencies accountable for any data breaches under their jurisdiction. This policy aims to ensure that public sector entities adhere to the same standards expected of private companies.

The NDPC continues to investigate high-profile cases involving major companies such as Zenith Bank, GTB, Fidelity, Leadway Insurance, Babcock University, Opay, Meta, and DHL, all in a bid to enhance data protection and global best practices.

The visit afforded the two organizations the opportunity to discuss areas of mutual cooperation between the State and the Commission.

Among the key areas of cooperation discussed at the meeting included Citizens’ Awareness, where both organizations are looking at raising public consciousness around Data Protection and ensuring Data privacy for citizens, so as to reduce the scourge of hacking, identity theft and other ills that currently make online and offline presence a challenge in the country.

Both executives also discussed the importance of Capacity Building in order to get more more people trained on data protection as well as the need for public and private institutions in the state to engage the services of Data Protection Officers, DPOs, in compliance and monitoring, in line with the provisions of the Act establishing the NDPC and the Nigeria Data Protection Regulation, NDPR.

Both organizations are also looking to create new job openings and employment opportunities in areas such as Data Protection Officers (DPOs), Compliance Officers among others, as an initiative towards Youth Empowerment. This they envisaged, will enable the youths be better informed and empowered to setup innovative business around data protection and management.

In his remarks, the Managing Director of Anambra State ICT Agency noted that data is the new oil, because of its strategic importance to planning across critical spheres of the economy.

He said, having underscored this, Mr Governor, Prof Charles Chukwuma Soludo, CFR has committed to accurate data sourcing and the protection of data, especially personal data, as an insurance that will enhance the prosperity of Ndi Anambra on the short run, as well as ensure that on a long run, more businesses flourish in the state.

According to CFA, the visit is to explore possible avenues of collaboration that will yield in accurate data sourcing for the state, which will in turn, prove resourceful for the Commission in national planning.

In his response, the NDPC National Commissioner, Dr Olatunji promised to support Anambra State through the ICT Agency, in its plan to make the state a technology-driven state.

Highpoint of the visit was the presentation of a copy of the Data Protection Act – 2023 to the MD/CEO of the Anambra ICT Agency by the NDPC National Commissioner, who was too excited to partner with the State.