The Nigeria Data Protection Commission (NDPC) has begun a sector-wide audit of tertiary institutions to enforce compliance with the Nigeria Data Protection Act (NDP Act) 2023.
The commission said the exercise will assess compliance among universities, polytechnics, colleges of education and other post-secondary institutions that process significant volumes of personal data.
In a statement issued on Thursday in Abuja, Babatunde Bamigboye, head of legal, enforcement and regulations at the NDPC, said the move is part of the commission’s statutory mandate to ensure adherence to data protection obligations.
Read also:Â NDPC launches probe into Temu over alleged data protection breach
He noted that tertiary institutions process personal data of students, staff, alumni, research participants and other stakeholders, underscoring the need for compliance.
The NDPC has issued compliance notices to selected institutions, with the names of affected institutions published in national newspapers on February 19, 2026.
The institutions have 21 days from the date of issuance to submit evidence of filing their 2024 NDP Act compliance audit returns, proof of appointment of a data protection officer with contact details, a summary of technical and organisational measures in place to safeguard personal data, and evidence of registration as a data controller or data processor of major importance.
Read also:Â NDPC concludes 246 investigations, generates N5.2bn revenue in show of ironclad enforcement
The commission said failure to comply may lead to enforcement actions, including administrative fines, enforcement orders or criminal prosecution in line with the Act.
Vincent Olatunji, national commissioner and chief executive officer of the NDPC, has approved the establishment of a regulatory clinic to support institutions in addressing compliance gaps.
The commission said the initiative is aimed at strengthening data governance within the education sector and supporting the growth of Nigeria’s digital economy.
New
