Speaking on the Commission”s regulatory approach, Ibitayo explained that the NDPC operates a “Compliance First, Not Punishment” philosophy, which encourages organisations to comply with data protection laws through collaboration rather than immediate sanctions.
Nigeria has showcased the rapid growth of its data protection ecosystem and regulatory framework at the Regional Data Governance Exchange in Nairobi, Kenya, highlighting the country’s emergence as a leading destination for data governance and digital investment in Africa.
The National Commissioner and Chief Executive Officer of the Nigeria Data Protection Commission (NDPC ), Dr. Vincent Olatunji, was represented at the event by the Head of Finance Management and Control, Olufemi Ibitayo, who led the Nigerian delegation. The exchange was hosted by the Office of the Data Protection Commissioner of Kenya.
During his presentation, Ibitayo outlined the evolution of data protection and privacy in Nigeria, noting that the country’s robust regulatory framework and the establishment of an independent Data Protection Authority have strengthened investor confidence and positioned Nigeria as a globally recognised destination for foreign direct investment.
He disclosed that Nigeria’s data protection ecosystem has grown into a ₦16.3 billion industry within just three years of formal regulation, demonstrating the economic value of effective data governance while pointing to significant opportunities for further expansion.
Speaking on the Commission’s regulatory approach, Ibitayo explained that the NDPC operates a “Compliance First, Not Punishment” philosophy, which encourages organisations to comply with data protection laws through collaboration rather than immediate sanctions. He said the Commission employs mechanisms such as Pre-Action Conferences (PAC) to promote accountability while maintaining effective regulatory oversight.
He also highlighted the Commission’s future priorities, which include strengthening international cooperation, developing regulatory technology (RegTech) solutions, establishing a regulatory sandbox to support innovation, and launching a data privacy innovation laboratory to advance Nigeria’s digital economy and data governance capabilities.
The Regional Data Governance Exchange was organised by the Data Governance in Africa Initiative to strengthen institutional capacity and promote collaboration among African data protection authorities. The programme brought together representatives from seven countries—Nigeria, Kenya, Lesotho, Liberia, Malawi, Somalia and South Africa—to share experiences, exchange best practices and deepen partnerships in data governance across the continent.

