The Nigeria Data Protection Commission (NDPC) on Thursday said that number of companies currently complying with the data protection regulations in Nigeria have moved from four per cent when it started moniting the compliance level to 55 per cent.
This is just as it Commission has launched an investigation into TikTok and Truecaller over alleged data breaches as part of its enforcement of the Nigeria Data Protection Act (NDPA).
The National Commissioner and Chief Executive Officer of the NDPC, Dr. Vincent Olatunji, disclosed this at a press conference in Abuja on Thursday.
The Nigeria Data Protection Commission (NDPC), was established under the Nigeria Data Protection Act 2023, to safeguard data privacy, enforces regulations, and promotes responsible data handling in Nigeria
Olatunji stated that the commission was scrutinising the compliance of TikTok and Truecaller with data protection laws.
He said, “We have even gone to the extent of investigating multinationals. We are currently investigating TikTok and Truecaller in the area of data privacy.”
He added that depending on the findings, if the companies could go through remediation and correct their lapses, the NDPC would be open to working with them.
The NDPC boss explained that the commission does not impose immediate sanctions on organisations found in breach of data protection laws. Instead, it adopts a remediation approach that evaluates breaches based on severity, the number of affected individuals, and the potential impact on the economy.
Rather than immediately announcing non-compliance, the NDPC provides companies with specific corrective measures to address their shortcomings. Once a company is found to be in breach, it must maintain detailed records of its data processing activities and rectify identified failures.
The commission then monitors these organisations for a period of six months to a year to ensure full compliance.
While the NDPC prioritises remediation, Olatunji said the commission would not hesitate to take stronger enforcement actions where necessary.
The NDPC Boss also unveiled the Nigeria Data Protection Act – General Application and Implementation Directive (NDP Act-GAID), which provides comprehensive guidelines to help data controllers and processors comply with the law.
Olatunji described the directive as a significant milestone in Nigeria’s data privacy efforts, particularly as emerging technologies continue to reshape digital interactions.
He stated that following President Bola Tinubu’s assent to the Nigeria Data Protection Bill on 12 June 2023, the NDPC began developing a framework to ensure its full implementation.
The directive, which will be made available on the NDPC portal, covers critical areas such as data protection principles, lawful bases for data processing, data subjects’ rights, cross-border data transfers, compliance audit returns, and standardised grievance redress mechanisms.
Additionally, the NDPC introduced the Standard Notice to Address Grievance (SNAG), a mechanism that allows individuals to demand remedial action directly from data controllers and processors without first going through the commission.
This, Olatunji said, empowers over 230 million Nigerians to play an active role in enforcing data protection laws.
He announced that the full implementation of the directive would commence in September 2025, with a six-month transition period for organisations. All provisions relating to fees will take effect from January 2026.
Over 40% Of Companies In Nigeria Not Complying With Data Protection Regulations- NDPC is first published on The Whistler Newspaper
Source: The Whistler
