The Nigeria Data Protection Commission (NDPC) said it has revoked the licences of 19 Data Protection Compliance Organisations (DPCOs).
This is even as it has increased the licence fee of 291 licensees to N2 million from N50,000 to ensure that only serious organisations can apply for the licence from now on.
The national commissioner, NDPC, Dr. Vincent Olatunji, who disclosed this during a meeting with the licensed DPCOs in Lagos, averred that last year, the Commission revoked 19 licences of DPCOs, with plans to revoke more this year as it evaluates their performance.
According to him, “There are currently 291 licensed DPCOs. With the increment in licence fee, what we are saying is that if you don’t have any business coming to register as a DPCO, you don’t have to come because you are paying just N50,000.
“Increasing the licence fee to N2 million is a way of screening those who are willing to do business in this sector. It means that those who will apply for the licence are people who are ready for business.”
DPCOs, or certified data protection organisations, are businesses that advise firms that handle the data of Nigerian citizens—also known as data processors and controllers—on how to abide by the Nigeria Data Protection Act (NDPA). Over 500,000 data controllers and processors exist in Nigeria, according to the Commission.
Although he acknowledged that Nigerians still do not adhere to the highest standards of data privacy, the head of the NDPC acknowledged that progress had been made, adding that only 622 audit reports were received from data controllers in the first year.
“Now, we are doing over 3,000 which is commendable, but the number of data controllers that we are expecting to register should not be less than 100,00 and that is even about 20 per cent compliance because we have over 500,000 data controllers in Nigeria. So the level of compliance is still very low, we need to bring more controllers on board. Our mission is to build a culture of data protection compliance in Nigeria, where we do not have to run after you before you comply,” he said.
In his reaction, the president of the Institute of Information Management (IIM), Dr Oyedokun Oyewole, said that the data protection industry is still emerging.
The IIM was recently licensed by the NDPC to conduct examinations and certify data protection professionals in Nigeria.
A large number of ecosystem players, according to Oyewole, were still unaware of the need of strengthening data privacy, which contributed to some of the difficulties faced by DPCOs. He consequently asked the NDPC to step up its efforts to raise awareness in order for the general public to comprehend the significance of data privacy in an increasingly digital age.