Nigeria needs 400,000 DPOs for data protection compliance, NDPC boss Olatunji reveals

The Nigerian government, through the Nigeria Data Protection Commission (NDPC), has emphasized the need for over 400,000 Data Protection Officers (DPOs) to ensure the compliance of the 500,000 companies regulated by the Nigeria Data Protection Commission (NDPC) with the Data Protection Act.

Telescope.ng reports that while addressing the Nigeria Information Technology Reporters Association (NITRA) on Tuesday, July 18, during a capacity-building session on Data Protection and Privacy in Lagos, Dr. Vincent Olatunji, the national commissioner of the Nigeria Data Protection Bureau (NDPB), disclosed that fraudsters had made 46,126 attempts to breach data-based systems in Nigeria during the first nine months of 2020.

He said: “The Nigeria Data Protection Commission (NDPC) is currently regulating 500,000 companies/organizations in Nigeria. To ensure that these companies comply with the data protection Act, there is a need for them to employ DPOs. Sadly, we only have less than certified 10,000 DPOs in the country. We are currently building the capacity of stakeholders, as an effort to bridge the gap in the space.”

Olatunji the federal government recently launched the Data Protection Act, to strengthen cybersecurity measures, promote the deployment of technological and organizational safeguards to enhance personal data protection and foster the development of personal data protection, among others.

He said: ”Section 32 (1) of the Nigeria Data Protection Act, 2023 states that a data controller of major importance shall designate a Data Protection Officer (DPO) with expert knowledge of data protection law and practices, and the ability to carry out the tasks prescribed under the Act and subsidiary legislation made under it.

“Section 32 (2) stated that the DPO may be an employee of a data controller or engaged by a service contract. The DPO shall advise the data controller or the data processor and their employees who carry out processing made under this Act. The DPO shall monitor compliance with the Act and related policies of the Data controller or data processor and act as the contact point for the Commission on issues relating to data processing.”

Why NDPC is investigating firms for data breaches

He also noted that the NDPC is investigating nine new organisations for data breaches, adding that they included an insurance firm, a school, and a consulting firm.

Olatunji said: “As pertaining to independence when you consider section seven of our act, the commission has to be independent. Since we started, the commission has not had any course to run to anyone. We have fined three major banks, and they will pay their fines. We are currently investigating about nine major organisations, an insurance firm, a school, and a consulting firm. We don’t work based on political affliction.”