On 25 January 2019, the National Information Technology Development Agency (“the NITDA”) issued the Nigerian Data Protection Regulation (“the Regulation”) to regulate organisations that collect and process personal data (“Data Controllers”). The Regulation empowers the NITDA to register and license Data Protection Compliance Organisations (“DPCOs”), which are required to monitor and audit all Data Controllers, and to provide them with training and data protection compliance consulting, on behalf of the NITDA.
The Regulation requires Data Controllers to conduct a mandatory data protection audit of their organisations and file an audit report with the NITDA through a DPCO within six months from the issuance of the Regulation (i.e. 25 July 2019). This timeline was, however, extended to 25 October 2019 by the NITDA.