With the advent and recognition of data privacy rights and obligations in Nigeria pursuant to which the Nigeria Data Protection Regulation, 2019 (the NDPR), the Nigerian Data Protection Regulation: Implementation Framework 2020 (the NDIF) and the Guidelines for the Management of Personal Data by Public Institutions in Nigeria, 2020 were enacted, it is imperative for companies, public institutions and individuals who control and process personal data of individuals to comply with the NDPR. One of such ways is by engaging the services of a Data Protection Compliance Organization(DPCO).

As a DPCO licenced by the National Information Technology Development Agency (NITDA), we have an extensive understanding of the documentary, procedural and organisational measures required by entities and individuals to remain data protection compliant within the purview of the relevant laws.

Our leading services include:

  • Conducting an adequacy audit and a process audit on data protection processes within an Organisation
  • Preparing and issuing a data protection audit gap assessment report, whilst interfacing with relevant organisational heads on implementation procedures and deadlines
  • Filing of Data Protection Compliance Audit Reports
  • Conducting Data Protection Impact Assessment Tests prior to the commencement of key projects/collection of sensitive personal data
  • Documentation of requisite Data Protection Compliance Policies
  • Maintenance of the Data Assets Register/Inventory
  • Training of Organisation’s key staff processing personal data
  • Data Breach Incident Investigation and Remediation Procedure Service
  • Conducting Penetration and Vulnerability Audits and implementation of recommended gap plugs
  • Data Protection Policy making
  • Implementation of Data Protection/Information security standards, and
  • Interfacing with the Civil Service of states within the Federation on data protection awareness and compliance within the State

Some instances of how we have helped our clients:

  • Conducted the statutory data protection compliance audit and privacy practices on The Shell Petroleum Development Company Limited (SPDC), Shell Nigeria Exploration and Production Company Limited (SNEPCO), Lubrik Construction Company, Craneburg Construction Company and Daewoo Nigeria Limited.
  • Provided a data protection compliance opinion and strategy to a major commercial bank on the transfer of customer banking information to a State Internal Revenue Service.
  • Advised SPDC on the instances and procedure for self-reporting under the Nigerian laws in event of personal data breach.
  • Prepared and issued data protection gap assessment reports to several national and multinational companies in Nigeria.
  • Advised a major construction company on the roadmap to compliance with the NDPR.
  • Conducted data protection impact assessment tests for a syndicate real estate acquisition involving the disclosure of tenant’s personal data to purchasing entity.
  • Prepared and reviewed data protection compliance policies for our clients.
  • On a periodic basis, provide legislative update to our clients on data protection best practices.
  • Help ensure data protection compliance capacity building within organisations.