Subscribe to our Newsletter to receive the latest updates on our content. By tapping the “Subscribe” button you will be redirected to subscription page. Subscription is free.
The Nigeria Data Protection Commission (NDPC) has issued a Guidance Notice on Continuous Professional Development (CPD) for Data Protection Officers (Guidance Notice) pursuant to Schedule 3 of the General Application and Implementation Directive (GAID) 2025.
The Guidance Notice operationalises the Data Protection Officers (DPO) verification framework under the Nigeria Data Protection Act (NDPA) 2023 and the GAID by introducing measurable annual professional development requirements for verified DPOs. It establishes a structured CPD points framework, prescribes qualifying professional activities and specifies the evidence required to maintain an active DPO verification status.
Verified DPOs are required to obtain a minimum of twenty (20) CPD points annually to maintain their active verification status. At least ten (10) of the required points must be earned through structured training and certification activities, reflecting the Commission’s emphasis on continuous technical competence.
CPD points may be obtained through a combination of qualifying activities, including:
To support annual verification, DPOs are expected to retain verifiable evidence of completed CPD activities, including certificates of attendance, confirmation emails, copies or links to publications, formal participation letters and Professional Education and Engagement Review (PEER) Forms.
The Guidance Notice further provides that compliance with CPD requirements will be reviewed annually during certification revalidation. A DPO who fails to meet the prescribed requirements may be placed on temporary inactive status pending remediation. The NDPC also indicated that it will establish a digital platform for the submission and monitoring of CPD records.
Implications for Organisations
The Guidance Notice reinforces that compliance with the NDPA extends beyond appointing a qualified Data Protection Officer. Organisations should now ensure that their appointed DPO continues to maintain the professional competence required by the NDPA and the GAID through ongoing learning and active participation in the privacy ecosystem.
Accordingly, organisations should consider:
The Guidance Notice reflects NDPC’s continued efforts to professionalise the data protection function in Nigeria and aligns with international best practices by promoting continuous learning, technical competence and active engagement within the privacy profession.
For enquiries regarding the implementation of the Guidance Notice, DPO advisory services, or broader data protection compliance obligations under the NDPA and the GAID.
Should you have any questions regarding this legal alert, please do not hesitate to contact GRC@aluko-oyebode.com or ao@aluko-oyebode.com.ng.