Development in Progress

NDPC Launches Sector-by-Sector Compliance Investigation Under the NDPA 2023: What Organizations Must Know

NDPC Launches Sector-by-Sector Compliance Investigation Under the NDPA 2023: What Organizations Must Know

Strengthening Accountability in Nigeria’s Data Protection Landscape

The Nigeria Data Protection Commission (NDPC) has announced the commencement of a sector-by-sector compliance investigation to ensure organizations across the country are aligning with the Nigeria Data Protection Act (NDPA) 2023. This move signals a new phase in Nigeria’s data protection journey—one where compliance is no longer optional or reactive, but a regulatory expectation.

At Amanitrust, our role as a licensed Data Protection Compliance Organization (DPCO) is to help businesses interpret these developments in practical terms, ensuring they not only meet their obligations but also transform compliance into a foundation for trust and growth. 


Why This Matters

The NDPC’s press release makes it clear: organizations that fail to comply with the NDPA 2023 risk investigations, enforcement actions, administrative fines, and even prosecution. But beyond the penalties, this announcement underscores something more important—Nigeria is serious about building a data governance culture that protects individuals while boosting the digital economy.

For organizations across industries—whether in finance, telecoms, education, healthcare, or e-commerce—the message is simple: compliance is now a business-critical priority.


What the NDPC Requires from Organizations

According to the compliance notice, organizations listed in national dailies and public notices must, within 21 days of issuance, provide the NDPC with key evidence of compliance, including:

1. Evidence of filing NDP Act Compliance Audit Returns for 2024 (S.6(d) of the NDP Act);
   This involves demonstrating that the organization has assessed and reported its data protection practices for the period under review.

2. Evidence of appointment/designation of a Data Protection Officer with contact details (S.32);
   Every organization handling significant volumes of personal data must have a DPO in place, serving as the compliance lead and liaison with the NDPC.

3. Evidence of registration as a Data Controller/Processor of Major Importance (S.44);
   Organizations that process high-risk or large-scale personal data must register officially with the NDPC.

4. Summary of technical and organizational measures for data protection within the organization (S.39);
   This includes policies, security protocols, and operational safeguards put in place to protect personal data.

The Commission has emphasized that failure to comply with these requirements may result in strict enforcement measures, ranging from enforcement orders to administrative fines and, in some cases, criminal prosecution in accordance with the NDP Act, 2023.


A Turning Point for Nigeria’s Digital Economy

The NDPC has positioned this compliance drive not just as a regulatory exercise, but as part of a broader agenda to strengthen the foundations of Nigeria’s digital economy.

By enforcing the NDPA across sectors, the Commission is aiming to:
  • Protect the fundamental rights of Nigerians in line with the 1999 Constitution.
  • Enhance public trust in the digital economy.
  • Ensure Nigeria’s competitiveness and alignment with regional and global data protection standards.
For businesses, this is both a challenge and an opportunity. On one hand, it means compliance work must now be treated as a core operational priority. On the other hand, organizations that get it right can use compliance as a competitive edge—building stronger trust with customers, investors, and regulators alike.


What This Means for Your Organization

This investigation is a wake-up call for organizations that may have deprioritized compliance or assumed that “no complaints” means compliance. The NDPC has made it clear that proactive evidence of compliance is required.

Here’s what organizations should be doing right now:

  • Review compliance status immediately. If you haven’t filed your audit returns or appointed a DPO, now is the time.
  • Prepare documentation. Compliance is not just about having policies—it’s about being able to demonstrate them when asked.
  • Engage experts. Partner with a licensed DPCO like Amanitrust to conduct a compliance gap analysis, file audit returns, and implement necessary safeguards.

How Amanitrust Can Support You

At Amanitrust, we understand that compliance can feel overwhelming—especially with regulatory deadlines, technical requirements, and sector-specific obligations. That’s where we come in.

We provide end-to-end support, including:
  • NDPC Registration & Filing: Guiding you through registration as a Data Controller/Processor of Major Importance.
  • Audit Returns Preparation: Helping you file NDPA Data Compliance Audit Returns accurately and on time.
  • Gap Analysis & DPIAs: Identifying compliance gaps and mitigating risks before they become liabilities.
  • Staff Training & Awareness: Ensuring compliance is not just a policy but a shared culture across your organization.
  • Compliance Advisory: Offering tailored solutions that keep you ahead of regulations and enforcement actions.
Our approach combines legal expertise, industry experience, and practical tools—making compliance not just achievable, but sustainable.


Why You Should Act Now

The NDPC’s sector-by-sector investigation is not a one-off event. It marks the beginning of a stricter enforcement regime where organizations are expected to demonstrate compliance proactively. Waiting until you are investigated or fined is not a strategy—it’s a risk.

Compliance under the NDPA should no longer be seen as a burden but as a trust-building opportunity. Customers are increasingly conscious of how their data is handled, and regulators are watching more closely than ever. Acting now positions your organization not only to stay compliant but also to thrive in Nigeria’s growing digital economy.

The NDPC’s announcement is a clear signal: the time for passive compliance is over. Every organization that collects or processes personal data must now be intentional, structured, and proactive about compliance.

At Amanitrust, we believe compliance done right is not just about avoiding penalties—it’s about building trust, protecting reputations, and enabling sustainable growth.


Is your organization ready for the NDPC’s compliance investigation?

Book a compliance consultation with Amanitrust today and let us help you prepare your audit returns, register with the NDPC, and implement the right safeguards for your business.

Contact us now:
🌐 Website: www.amanitrust.ng
📧 Email: amanitrust6@gmail.com
📞 Phone: +234 708 498 7726

Don’t wait for enforcement—let’s get your compliance right, together.
Related Articles
Nigeria Hosts NADPA-RAPDP AGM 2025: Advancing Data Privacy Across Africa Nigeria Hosts NADPA-RAPDP AGM 2025: Advancing Data Privacy Across Africa
News - May 28, 2025
NDPC Issues GAID 2025: What It Means for Your Business NDPC Issues GAID 2025: What It Means for Your Business
News - Apr 01, 2025
Hexagon Triangle Square
Amanitrust Logo White

Get comprehensive solutions to ensure that your organization meets regulatory requirements while fostering trust with customers and stakeholders.

Book a Call Learn More
All rights reserved © 2024 | Amani Global limited. Designed & Developed by Oniontabs