The Nigeria Data Protection Commission (NDPC) has commenced an investigation into more than 1,000 education institutions across the country to assess compliance with the Nigeria Data Protection Act (NDP Act), 2023.
The probe covers federal, state, and private universities, polytechnics, colleges of education, and technical colleges, marking one of the largest sector-wide compliance checks since the law was enacted.
In a public notice, the Commission’s Head of Legal, Enforcement, and Regulation, Babatunde Bamigboye, said the initiative is part of an ongoing sector-by-sector enforcement drive. The aim is to safeguard the fundamental rights and freedoms of data subjects while strengthening Nigeria’s digital economy through trusted personal data use.
Affected institutions have been directed to submit, within 21 days, evidence of:
Filing their 2024 Data Protection Compliance Audit Returns
Appointment of a Data Protection Officer, including contact details
Summary of technical and organizational measures adopted to protect personal data
Registration as a Data Controller or Processor of Major Importance, as required by law
The NDPC warned that failure to comply may result in enforcement orders, administrative fines, and possible criminal prosecution under the NDP Act, 2023. Compliance is mandatory for institutions handling large volumes of personal data.
Observers note that the education sector manages some of the country’s most sensitive information, including students’ academic records, biometric data, financial information, and staff records. With the growing digitalization of admissions, online learning platforms, and electronic documentation systems, concerns about data breaches and weak privacy safeguards have intensified.
The Commission emphasized that the investigation aligns with its statutory mandate to monitor, investigate, and enforce compliance across sectors.
