Subscribe to our Newsletter to receive the latest updates on our content. By tapping the “Subscribe” button you will be redirected to subscription page. Subscription is free.
The Nigeria Data Protection Commission (“NDPC”) on Thursday, 19 February 2026, issued a Compliance Notice containing a schedule of six hundred and forty-nine (649) higher institutions across Nigeria. The listed institutions include federal, state, and private universities, technical colleges, colleges of education, polytechnics, and similar bodies. This action forms part of the Commission’s ongoing sector-by-sector investigation.
24 February 26
Other Insights:
The affected institutions are required to provide the NDPC with the following within twenty-one (21) days from the date of the Notice:
• Evidence of filing NDP Act Compliance Audit Returns for 2024 (Section 6(d) NDP Act)
• Evidence of the designation or appointment of a Data Protection Officer, including name and contact details (Section 32 NDP Act)
• A summary of the organisation’s technical and organisational data protection measures (Section 39 NDP Act)
• Evidence of registration as a Data Controller or Data Processor of Major Importance (Section 44 NDP Act)
The NDPC further stated that failure to comply with the Notice may result in the issuance of an Enforcement Order, the imposition of administrative fines, and/or criminal prosecution in accordance with the Nigeria Data Protection Act 2023.
Next Steps
The affected institutions have to ensure compliance with the stipulated request. Should the requested information or documents not be available, the institutions are required by the NDPC to rectify the lapses within twenty-one (21) days of the Notice.
Click here to download and read the full article.
Should you have any questions regarding the information in this legal alert, please do not hesitate to contact Adeolu Idowu.