Ahead of its enforcement drive in 2024 and to ensure professionalism among firms licenced to carry out compliance as a service, the Nigeria Data Protection Commission has issued a Code of Conduct for DPCOs in Nigeria.

Addressing the meeting of the Commission with the DPCOs, the National Commissioner, Dr Vincent Olatunji, urged DPCOs to see their role in the implementation of the Nigeria Data Protection Act (NDPA) 2023 as a public trust that must be guarded with the utmost sense of responsibility.

Dr. Olatunji noted the opportunities presented by the Act, particularly the lawful use of data and job creation in the data processing value chain.

Recall that NDPA 2023, under Section 33, vests the Commission with the power to licence persons having the requisite level of expertise, in relation to data protection and the Act, to monitor, audit, and report on compliance by data controllers and data processors.

This is a unique public-private partnership model that is designed to promote trust and confidence in Nigeria’s digital economy, which, like other economies around the world, thrives on data processing.

In line with the Code of Conduct, the compliance services that may be offered by DPCOs include, but are not limited to, the following: awareness and capacity building; registration of the data controller or data processor with the Commission; and development of compliance schedules.

Others are the implementation of compliance schedules, NDPA compliance audits, filing of compliance audit returns with the Commission, data privacy impact assessments, and facilitating and vetting data privacy agreements.

For a firm to operate as a DPCO and carry out compliance services, it must, among others, be duly licenced by the Commission and have a verifiably certified Data Protection Officer.

As of November 2023, 163 DPCOs have been licenced by the Commission.

Presenting the Code of Conduct to the DPCOs, the Commission’s Head of Legal, Enforcement, and Regulations, Barr Babatunde Bamigboye, X-rayed the target objectives and the principles, particularly: privacy consciousness, capacity building, accountability, data ethics, and corporate social Responsibility.

All DPCOs will be held accountable in line with the provisions of the NDPA, the Code of Conduct, and other regulatory instruments that will be issued by the Commission going forward.

