Business leaders, regulators, and governance experts at the KENNA Data Protection Dialogue have warned that the growing importance of data and data processing in business operations will create digital vulnerabilities unless boards and executives take proactive ownership of data protection obligations.
The event, held in Lagos on Thursday, September 18, 2025, gathered regulators, executives, legal practitioners, and governance specialists to deliberate on the challenges and opportunities within Nigeria’s evolving data protection landscape. The Dialogue also served as the official launch of the book, Legal & Regulatory Aspects of Data Protection, authored by KENNA, which provides practical guidance on navigating compliance frameworks and strengthening organisational resilience in a data-driven economy.
The Dialogue underscored that the boardroom must set the tone for compliance, while executives drive execution across business operations.
In his address, KENNA’s Senior Partner, Professor Fabian Ajogwu, SAN, underscored that boards now have an even greater responsibility in shaping organisational culture by embedding sound data protection practices and providing effective governance direction. Professor Ajogwu noted that data is now the backbone of strategic decision-making, innovation, and competitiveness; therefore, it is pertinent that boards rise beyond mere compliance to actively champion policies, frameworks, and oversight that safeguard data and aid growth. He added that data protection has to be seen as a strategic priority with clear oversight, and that transparency is an ethical obligation, while non-compliance carries direct consequences for an organisation’s bottom line.
Delivering the keynote address, the National Commissioner/CEO of the Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, ably represented by the Head of the Commission’s regulations unit, Ibukunoluwa Owa, explained that the Nigeria Data Protection Act, 2023, is aligned with the view that data protection should be within the purview of senior management.
Owa remarked: “If you look at the NDP Act GAID, you will see that we specifically recommend that Data Protection Officers (DPOs) should be drawn from senior management. The reason is simply because DPOs are expected to act independently and provide unbiased advice on the compliance actions organisations must take. A junior or mid-level staff member may struggle to influence senior management on such critical issues. There is also a growing argument that the role should even be elevated to board level, given the significance of data protection. It is no longer a peripheral concern but a business imperative.”
The Dialogue featured a high-level panel discussion comprising multi-sectoral experts, moderated by KENNA’s Associate, Chidera Ezenwanne. Regarding the slow adoption of data protection guidelines within organisations, Partner at KENNA, Nimma Jo-Madugu, stated, “We are witnessing a similar adoption curve with data protection as we once did with corporate governance. At the time, many viewed governance as little more than CSR, until it became clear that compliance was both mandatory and essential. The same applies now with data protection. While the NDP Act is clear, organisations are still struggling with the extent of their obligations. Ultimately, once enforcement begins to carry financial consequences, the gravity of compliance will become undeniable.”
General Manager of Commercial Legal & Intellectual Property at MTN Nigeria, Ifeoma Utah, urged for the harmonisation of regulations across sectors for enhanced economic impact.
According to Utah, “We are moving in the right direction and making considerable progress, but the issue of multiple regulators remains critical. Different regulators often operate in silos, unaware of the compliance steps already undertaken with the Nigeria Data Protection Commission. This fragmentation creates uncertainty and can discourage investment. What we need is greater harmonisation; whether through collaboration, co-creation, or a handshake between regulators, in order to provide clarity and confidence for businesses.”
The Deputy Vice Chancellor (Admin) of the Pan-Atlantic University, Dr. Peter Bamkole, whilst acknowledging the steps taken by the NDPC in protecting the rights of citizens, urged greater focus on government agencies and bodies that are often found in contravention of data protection regulations.
Ms. Ezenwanne remarked that the importance of the dialogue came at very critical time given that the NDP Act GAID issued in March 2025 becomes effective on September 19, 2025, just a day after the dialogue.
The Dialogue hosted an array of guests from across sectors, with executives from Stanbic IBTC, Flutterwave, Cardinal Stone, United Capital Plc, Antan Producing Limited, FCMB, Seplat Energy, ExxonMobil, Quantum Zenith, Airtel, and Moneda Invest in attendance, among others.
