Abuja: The Nigeria Data Protection Commission (NDPC),has built a data privacy protection ecosystem worth over $12 million and created more than 27,000 jobs in the three years since its establishment.
The NDPC National Commissioner, Dr Vincent Olatunji, disclosed this at a press conference in Abuja on Friday to mark the commission’s third anniversary.
The commission was established by the Nigeria Data Protection Act, signed by President Bola Ahmed Tinubu on June 12, 2023, giving it a statutory mandate to regulate data processing across the country.
The Numbers
Olatunji said the commission had generated ₦8.6 billion in revenue for the government over the three-year period — drawn from registration fees, fines, and donations under a public-private partnership model deliberately adopted to reduce dependence on government funding.
“We generate our revenue from registration, fines and donations. In terms of revenue to the government, we have generated ₦8.6 billion in the last three years,” he said.
“We have created an economy around data privacy protection, which is over $12 million as we speak.”
Beyond revenue, the commission reports registering more than 40,000 Data Protection Controllers and Processors, licensing over 8,000 data controllers, accrediting approximately 324 Data Protection Compliance Organisations, and certifying more than 7,000 data protection officers.
The Funding Challenge
Despite the milestones, Olatunji acknowledged that funding remains a persistent challenge — one he described as a global problem, not unique to Nigeria.
“Awareness alone is huge. It is massive in terms of funding, and even financing our projects is difficult,” he said.
He said the commission had addressed this through its public-private partnership model — an approach that has attracted interest from other countries seeking to replicate Nigeria’s framework.
“We have benefited from strong support since the beginning of President Tinubu’s administration,” he added.
Governance and International Reach
The commission’s work is structured around a National Data Protection Strategic Roadmap and Action Plan built on five pillars — governance, awareness and human capital development, ecosystem and technology, cooperation and collaboration, and funding and sustainability.
On the international front, the commission has signed 38 memoranda of understanding with local and international partners and has embraced privacy-by-design principles as a core operational philosophy.
Awareness and Education
Olatunji said the commission had adopted a co-creation approach in developing its regulatory framework — involving stakeholders and the private sector from the outset rather than imposing top-down regulation.
On public awareness, the commission launched an Adopt-A-School campaign to educate students on data protection rights, established data privacy clubs in schools, and promoted data privacy as a career pathway. The agency has set a target of sensitising one million students nationwide on privacy rights.
