What are You Looking for?

NDPC Extends Registration Deadline for Data Controllers and Processors

NDPC
  • New deadline: September 30, 2024
  • Applies to: Data controllers and processors of major importance
  • Legal basis: Nigeria Data Protection Act, 2023 (NDP Act)

What’s Happening?

The Nigeria Data Protection Commission (NDPC) has extended the registration deadline for organisations classified as data controllers and processors of major importance.

This extension allows eligible entities additional time to meet the registration requirements and implement necessary data protection measures.

Who Needs to Register?

According to the NDPC’s Guidance Notice issued on February 14, 2024, you’re likely a designated entity if you:

  1. Process personal data of more than 200 individuals within a 6-month period
  2. Provide commercial ICT services on digital devices with storage capacity belonging to others
  3. Process personal data in specific sectors (financial, communication, health, education, insurance, export/import, aviation, tourism, oil and gas, or electric power)
  4. Have a fiduciary relationship with data subjects
  5. Process or intend to process the personal data of a significant number of Nigerian residents

Categories of Data Controllers and Processors

The NDPC has established three categories:

  1. Major Data Processing-Ultra High Level (MDP-UHL)
    • Registration fee: ₦250,000
    • Examples: Commercial banks, telecom companies, multinational corporations
  2. Major Data Processing-Extra High Level (MDP-EHL)
    • Registration fee: ₦100,000
    • Examples: Government MDAs, microfinance banks, higher educational institutions
  3. Major Data Processing-Ordinary High Level (MDP-OHL)
    • Registration fee: ₦10,000
    • Examples: SMEs, primary/secondary schools, primary health centers

Why This Matters

Registering with the NDPC is not just a legal requirement—it’s a crucial step in ensuring proper data protection practices. This extension gives organisations more time to:

  1. Assess their data processing activities
  2. Implement necessary safeguards
  3. Prepare required documentation
  4. Complete the registration process

Failure to register by the deadline is a violation of the NDPA and may result in penalties.

Also Read: The State Of Data Protection In Nigeria

How to Register

If your organization meets the criteria, you can complete your registration by visiting the NDPC registration portal at https://services.ndpc.gov.ng/.

Consequences of Non-Compliance

Failure to register with the NDPC by the September 30, 2024 deadline can result in serious consequences for organisations.

The Nigeria Data Protection Act, 2023 (NDPA) prescribes penalties for non-compliance including regulatory actions and fines.

Data Controllers and Processors of Major Importance (DCMIs and DPMIs) can face fines exceeding ₦10,000,000 or 2% of their annual gross revenue of the preceding financial year, if they are found in violation of the Act or its subsidiary regulations.

Regular data controllers and processors, by contrast, can be subject to fines of ₦2,000,000 or 2% of their annual gross revenue.

Next Steps for Organisations

  • Complete the registration process before September 30, 2024
  • Review the NDP Act and NDPC Guidance Notice
  • Assess your data processing activities
  • Determine your category (MDP-UHL, MDP-EHL, or MDP-OHL)
  • Gather necessary information and documentation
ByEditorial Team
Updated on

Read Next

Leave a Reply

Your email address will not be published. Required fields are marked *