The Nigeria Data Protection Commission (NDPC) has announced an extension of the registration deadline for Data Controllers and Data Processors of Major Importance (DCPMIs), moving the date to October 31, 2024. This decision was approved by NDPC National Commissioner and CEO, Dr. Vincent Olatunji.
In a recent press release, Dr. Olatunji emphasized the importance of compliance with the Nigeria Data Protection Act, stating, “This extension allows organizations more time to ensure their registration while reinforcing the need for accountability in data processing.”
Under the new regulations, DCPMIs are restricted from engaging unregistered data processors. Effective October 15, 2024, they must only work with agents and contractors who are officially registered with the NDPC. This move aligns with sections 24(3), 29(1)(a), and 44 of the NDP Act, which aim to strengthen data protection and accountability.
Section 29(1)(a) of the NDP Act specifically outlines the obligations of data controllers when hiring data processors, mandating that “the engaged data processor complies with the principles and obligations set out in this Act as applicable to the data controller.”
The NDPC has urged DCPMIs to act swiftly, reinforcing that “engaging agents or contractors who do not comply with the NDP Act principles is a contravention of the law.”
Babatunde Bamigboye, Esq., Head of Legal, Enforcement & Regulations, reiterated the Commission’s commitment to upholding data protection standards: “We expect DCPMIs to fulfill their obligation to register, ensuring that personal data is handled in accordance with the law.”
Organizations are encouraged to take immediate action to ensure compliance and avoid penalties as the new deadline approaches.