NDPC steps up data protection compliance enforcement
The Nigeria Data Protection Commission (NDPC) has begun sector-specific investigations into organizations’ compliance with the Nigeria Data Protection Act (NDPA), 2023. Initial focus areas include the insurance, pension, gaming, banking, and media sectors – a clear signal that regulators are taking a more proactive stance and that organizations must now approach data protection as a core compliance priority.
What the compliance notice requires
Organizations served with NDPC notices are expected to provide, within 21 days of receipt, evidence of:
- Registration as a Data Controller or Processor of Major Importance (DCPMI).
- Filing of NDPA Compliance Audit Returns for 2024.
- Designation or appointment of a Data Protection Officer (DPO).
- Implementation of appropriate technical and organizational measures for safeguarding personal data.
Who is a Data Controller or Processor of Major Importance (DCPMI)?
Under Section 65 of the NDPA, a DCPMI is any organization or individual that processes personal data on a large scale, significantly impacts data subjects, or operates in critical sectors such as Financial Services (Banking, Insurance, Pensions), Aviation, Communication, Education, Healthcare, Oil & Gas, Power, Hospitality, Tourism, E-Commerce, Public Service, and other strategic industries. These entities have heightened responsibilities under the NDPA, including mandatory registration with the NDPC and demonstrable accountability in handling personal data.
Why this matters
Failure to comply with the NDPC Compliance Notice could trigger enforcement actions, ranging from significant administrative fines to criminal prosecution.
How we can help
At Forvis Mazars, we understand the evolving compliance landscape and the serious risks of noncompliance. Our experts provide practical support – from registration and audit filings to DPO advisory services and the implementation of data protection frameworks – ensuring your organization remains compliant, avoids penalties, and builds trust with stakeholders.
