The Nigeria Data Protection Bureau (the “NDPB”) a body established to oversee the implementation of the Nigeria Data Protection Regulation (NDPR) which was issued by the National Information Technology Development Agency (NITDA) recently established the National Data Protection Adequacy Programme (the “NaDPAP”) Whitelist pursuant to section 37 of the 1999 Constitution of the Federal Republic of Nigeria (the “CFRN”).

The Whitelist contains a list of organisations deemed to have taken steps to comply with the standard duty of care required in ensuring data protection. The NaDPAP Whitelist is expected to be published on the NDPB website, in major newspapers, and in addition, shared with local and international establishments to serve as a reference for compliant organisations in relevant transactions and proceedings.

In a compliance notice on the NaDPAP Whitelist (the “Notice”) recently published by NDPB, organisations have been directed to take the following steps on or before the 25th November 2022 to be included on the NaDPAP Whitelist:

• To read and understand the Nigeria Data Protection Regulation (the “NDPR”) 2019, because it applies to various situations and persons involved in data processing;
• To develop and implement a Privacy Policy that is consistent with the NDPR;
• To notify employees, customers, and online visitors of the Privacy Policy;
• To designate at least one or two members of staff as Data Protection Contacts (“DPC”). The Names of the DPCs (not more than 3) should be forwarded to NDPB for a free Induction Course in Data Protection Regulation Compliance, following which any one of them may be appointed as the organisation’s Data Protection Officer (“DPO”);
• Where there is subsisting DPO, his contact should be forwarded to the NDPB; and
• To mandate service providers (agents, licensees and contractors) to comply with the NDPR.