African countries study Nigeria’s data protection ecosystem

At least eight African countries are currently studying Nigeria’s data protection ecosystem as they seek to strengthen their own regulatory frameworks and institutional capacity, findings have shown.

The Nigeria Data Protection Commission (NDPC) has hosted delegations from several African states to share regulatory experience, institutional structures, and practical lessons on establishing and managing effective data protection authorities.

According to available information, the Somalian Data Protection Authority visited the Commission on July 23, 2025, while the Uganda Data Protection Authority followed on August 5, 2025. Other countries that have understudied Nigeria’s data protection framework include Botswana, the Kingdom of Eswatini, Mozambique, Sierra Leone, Tanzania, and The Gambia.

In a statement, the NDPC said President Bola Tinubu’s signing of the Nigeria Data Protection Act in 2023 marked a turning point for the sector, creating opportunities for ecosystem expansion and placing regulatory and supervisory functions at the centre of data governance.

The Chief Executive Officer and National Commissioner of the NDPC, Dr Vincent Olatunji, noted that Nigeria’s data protection and privacy framework is increasingly serving as a reference point for other African countries, particularly within the West African sub-region.

As the pioneer CEO of the Commission, Olatunji said the implementation of the Act has attracted growing attention and investment, while improving awareness of data privacy among data subjects and custodians. He added that institutions across key sectors—including banking, education, healthcare, insurance, telecommunications, and digital platforms—are now subject to closer oversight, with sanctions applied in cases of data breaches.

Following the Act’s implementation and strengthened regulatory oversight, Nigeria has emerged as a focal point for countries seeking to replicate its data protection model. Within two years, no fewer than eight African nations began studying Nigeria’s data protection and privacy ecosystem to adapt similar methodologies in their jurisdictions.

The NDPC also facilitated the domestication of Data Protection Officers’ (DPOs) certification to build local expertise and reduce reliance on foreign certifications, thereby easing pressure on the naira. Over 500 DPOs have obtained international certification, significantly expanding Nigeria’s pool of qualified privacy professionals and supporting effective implementation of the Act across sectors.

Within the same period, Nigeria hosted the Network of African Data Protection Authorities (NADPA) Conference and Annual General Meeting. The event promoted continental cooperation, knowledge sharing, and greater alignment of data protection regulatory frameworks across Africa.

Under Olatunji’s leadership, the Commission also established the Virtual Privacy Academy (VPA), an initiative designed to expand privacy education and awareness across sectors. The academy delivers structured online training, awareness programmes, and professional development courses using a Nollywood-style approach to capacity building, while positioning data subjects as critical stakeholders.

To strengthen compliance, the NDPC issued the General Application and Implementation Directive (GAID), providing regulatory clarity, operational guidance, and enforceable standards for adherence to the Nigeria Data Protection Act. The Act was also translated into three major local languages—Hausa, Igbo, and Yoruba—to enhance accessibility and public understanding.

According to the Head of Corporate Communications and Media at the NDPC, Mr Itunu Dosekun, the Commission has also conducted targeted capacity-building programmes for Ministries, Departments, and Agencies to improve institutional compliance, data governance practices, and responsible handling of citizens’ personal data.

Dosekun added that the NDPC’s achievements under the current leadership have earned multiple recognitions, including the Outstanding Data Protection Authority of the Year award at the Picasso Awards Africa, underscoring its regulatory impact and commitment to data protection excellence.