• Thursday, 5th February, 2026

NDPC Harps on Security to Protect Individual Data, Organisational Assets

Business | 7 seconds ago

Emma Okonji

The Nigeria Data Protection Commission (NDPC), established under the Nigeria Data Protection Act (NDPA), has stressed the need for data security among data subjects and organisations, in order to protect individual data and organisational assets.

The National Commissioner/CEO of NDPC, Dr. Vincent Olatunji, who reiterated this in Lagos during a training session for the media, organised by NDPC, said the main objective of the commission was to protect citizens’ data and ensure citizens’ rights to freedom and to uphold the interests of all immigrants and people with disabilities.

According to him, data security involves protecting digital data from unauthorised access, corruption or theft throughout its lifecycle. It encompasses various practices, technologies and methodologies to safeguard information.

“The focus is to proactively prevent or minimise the consequences of personal data breaches. The increasing internet connectivity and the digitization of the global economy have led to a rapid surge in the collection, use, and cross-border transmission of data, a trend that continues to accelerate. Cybercriminals are continuously evolving their tactics to exploit these connections for financial gain. This necessitates a robust emphasis on data security to protect organisational assets,” Olatunji said.   

He disabused the erroneous belief that NDPC was set up by government as another money generating agency of government, but however said due to the cost of operations, and the need to address the funding challenges faced by NDPC since its inception in 2023, the commission decided to create an economy around data collection and processing.

“In 2023, we started with 17 Data Protection Compliance Organisations (DPCOs), but by the last count this year, we have licensed 310 DPCOs in Nigeria, and each DPCO employed between five to ten staff, a development that enabled Nigeria to create about N16.2 billion data privacy economy in a year. The data privacy society that we have established has already started progressing with us. Again, in terms of licensing fees, taxation fees, financing fees, remedial fees, and penalties, we are getting over N5.2 billion in the last two years. In terms of job creation, we are able to place over 28,000 jobs. As at 2023, we had less than 1,000 certified Data Protection Officers (DPOs), but the number of certified DPOs has reached over 7,000 presently,” Olatunji further said.

He also stressed the need for Nigeria to develop digital technologies that could drive awareness, confidence and innovation among others, through cooperation and collaboration.   

Addressing the issue of data protection and the implication of data breaches in their separate presentations, Assistant Manager, Partnerships Unit, NDPC, Alexander Onwe and IT/Cybersecurity Officer, NDPC, Busayomi Oludotun, highlighted the need for data controllers and data processors to protect data privacy of the data subjects and ensure the proper usage of data without compromise.

Oludotun described personal data breach as a security incident that results in the unauthorised access, destruction, loss, alteration or disclosure of personal information that is being transmitted or stored. According to her, Section 40 of the NDPA Act 2023 sets out strict requirements for data controllers/data processors to follow with 72 hours of reporting a personal data breach.  She classified data breaches as passive and active, adding that passive data breach focuses on gathering intelligence without altering any data or disrupting system flow, such as data interception, monitoring network traffic or information gathering, while active data breach involves direct action from malicious actor to compromise a system or network such as Distributed Denial of Service (DDOS), social engineering attacks and virus or malware deployment.  

She advised that organisations must inculcate the CIA Triad model, which is a foundational model in information security that encompasses three principles: Confidentiality, Integrity and Availability.  

Oludotun, who highlighted some of the technical and organisational measures to protect data, said: “Technical measures include physical methods of protecting data through software and hardware, such as encryption, data backup, data masking, installing intrusion detection devices, regular software update, endpoint security and data classification.Organisational measures include adhering strictly to organsaional policies and rules such as data protection policy, employing Data Protection Officer (DPO), employee training, incidence response plan, and regular audits and assessments.”

Related Articles

Founded on January 22, 1995, THISDAY is published by THISDAY NEWSPAPERS LTD., 35 Creek Road Apapa, Lagos, Nigeria with offices in 36 states of Nigeria , the Federal Capital Territory and around the world. It is Nigeria’s most authoritative news media available on all platforms for the political, business, professional and diplomatic elite and broader middle classes while serving as the meeting point of new ideas, culture and technology for the aspirationals and millennials. The newspaper is a public trust dedicated to the pursuit of truth and reason covering a range of issues from breaking news to politics, business, the markets, the arts, sports and community to the crossroads of people and society.

Helpful Links

Contact Us

You can email us at: hello@thisdaylive.com or visit our contact us page.