Cybersecurity Expert Calls for Privacy-By-Design Approach to Strengthen Nigeria’s Cloud Compliance

By Dimeji Aluko

Abuja, Nigeria – November 26, 2024 – In an exclusive interview with Daily Post, renowned London-based cybersecurity expert and founder of PhishCLICK, Mr. Jamiu Olamilekan Akande, offered a pointed critique of current cloud compliance practices under Nigeria’s Data Protection Act (NDPA). He emphasized the urgent need for government agencies, enterprises, and cloud providers to embed Privacy-By-Design as a core standard—not just a regulatory checkbox.

NDPA Compliance: Gaps That Undermine Trust

Two years after the NDPA came into effect, many organizations continue to struggle with implementing its requirements effectively in cloud environments. Mr. Akande highlighted three critical areas of concern:
1. Reactive Privacy Measures
Instead of designing privacy from the ground up, many institutions rely on surface-level fixes—like consent popups or standalone encryption—added after deployment, which do little to demonstrate real commitment to data protection.
2. Insufficient Audit Trails
The absence of standardized data classification, mapping, and logging systems makes it difficult for organizations to produce the audit evidence required by regulators.
3. Fragmented Responsibility
With data security, monitoring, and incident response often spread across different departments, timely breach detection and forensic analysis remain challenging.

“Privacy-By-Design should be the foundation of any cloud strategy,” Mr. Akande stated. “It’s not merely about ticking compliance boxes—it’s about engineering trust, protecting citizens, and safeguarding national interests.”

⸻

A Clear Roadmap for Stakeholders

Mr. Akande laid out a three-part framework targeting key players in Nigeria’s digital ecosystem:

1. Federal Government & Regulators
   • Enforce Privacy-By-Design principles across public sector procurement and cloud adoption strategies.
   • Publish clear technical templates, checklists, and legal clauses that help translate NDPA mandates into actionable requirements.
2. Enterprise Decision-Makers (CIOs/CISOs)
   • Conduct thorough data mapping and lifecycle management that align with NDPA retention and deletion rules.
   • Secure binding contractual commitments for encryption, key separation, and real-time logging from their service providers.
3. Cloud Providers & System Integrators
   • Embed privacy assessments and threat modeling early in the development process—long before deployment.
   • Offer transparency through compliance dashboards, audit APIs, and modular privacy tools for identity, monitoring, and encryption.

“When the public sector, private firms, and cloud vendors commit to a shared vision of Privacy-By-Design,” Mr. Akande noted, “Nigeria positions itself as a leader in secure digital transformation.”

⸻

Building a Privacy-First Ecosystem

To bridge the gap between policy and implementation, Mr. Akande proposed several immediate steps:
• Government agencies should revise internal cloud procurement guidelines by year-end.
• Industry bodies must issue practical whitepapers and host workshops tailored to privacy engineers and compliance teams.
• Security vendors should prioritize ready-to-deploy privacy modules to ease adoption, particularly for small and medium-sized enterprises (SMEs).

“At PhishCLICK, we’ve witnessed how integrating privacy from the start doesn’t just support NDPA compliance,” Mr. Akande concluded. “It builds lasting trust, boosts cybersecurity resilience, and sets the stage for sustainable digital growth in Nigeria.”