The Nigeria Data Protection Bureau (NDPB) has stated that Nigeria will require more than 400,000 Data Protection Officers (DPOs) to ensure compliance with the Data Protection Act by the 500,000 companies regulated by the Nigeria Data Protection Commission (NDPC). Dr. Vincent Olatunji, the National Commissioner of NDPB, revealed this during a capacity-building session on Data Protection and Privacy organized for the Nigeria Information Technology Reporters Association (NITRA) in Lagos.
Dr. Olatunji highlighted that Nigeria faced a significant cybersecurity challenge, with 46,126 attempted breaches on data-based systems in just nine months of 2020. Worryingly, 41,979 of these attempts (91%) were successful. To strengthen cybersecurity measures and protect personal data, the federal government recently launched the Data Protection Act, aiming to foster the development of personal data protection and promote the deployment of technological and organizational safeguards.
According to Section 32 (1) of the Data Protection Act, 2023, data controllers of significant importance are required to designate a Data Protection Officer (DPO) with expertise in data protection law and practices. The DPO’s role includes carrying out tasks prescribed under the Act and its subsidiary legislation. The DPO may be an employee of the data controller or engaged through a service contract.
The DPO’s responsibilities include advising data controllers or data processors and their employees on data processing under the Act, monitoring compliance with the Act and related policies, and serving as the contact point for the Commission on data processing issues.
Currently, the Nigeria Data Protection Commission (NDPC) is responsible for regulating around 500,000 companies/organizations in Nigeria. With less than 10,000 certified DPOs in the country, there is a pressing need to bridge the gap by building the capacity of stakeholders through training and education initiatives. This will ensure that companies can fulfill their data protection obligations and safeguard the privacy of individuals in accordance with the Data Protection Act.