X-twitter Facebook Instagram Linkedin Youtube
Nigeria Data Protection Commission
Report a breach

Call us

+2349160615551

  • Home
  • DPCO Registration & Requirements

DPCO Registration & Requirements

Definition and Duties of DPCO

Section 33 of the Nigerian Data Protection Ac 2023 t provides that a Data Protection Compliance Organisation (DPCO) is any entity duly licensed by NDPC for the purpose of training, auditing, consulting, and rendering services aimed at ensuring compliance with the NDP Act 2023 or any foreign Data Protection law or regulation having effect in Nigeria.

  • Professional Service Consultancy firm
  • IT Service Provider
  • Audit firm
  • Law firm
Register Now

With evidence of professional, academic certification or experiences in one or more of the following areas:

  • Data Science
  • Data Protection and privacy
  • Information Privacy
  • Information Audit
  • Data Management
  • Information security
  • Data protection legal services
  • Information Technology Due Diligence
  • EU GDPR implementation and compliance
  • Cyber Security/Cyber Security law
  • Data Analytics
  • Data Governance

DPCOs are licensed to provide one or more of these services:

  • Data protection regulations compliance and breach services for Data Controllers and Data Administrators
  • Data protection and privacy advisory services
  • Data protection training and awareness services
  • Data Regulations Contracts drafting and advisory
  • Data protection and privacy breach remediation planning and support services
  • Information privacy audit
  • Data privacy breach impact assessment
  • Data Protection and Privacy Due Diligence Investigation
  • Outsourced Data Protection Officer etc.

Documents Required for Licensing

  • CAC Registration
  • Evidence of Tax Clearance
  • Relevant professional or academic qualification of at least 2 listed staff (these need not be Directors)
  • Valid means of identification of one Director i.e International Passport; Drivers’ License; NIN Registration etc.
  • Website registration on .ng domain
  • Evidence of payment of prescribed licensing fees to NDPC
DPCO Relationship with NDPC

The Nigeria Data Protection Act 2023 under Section 33 provides, for the licensing of persons/organisations having a requisite level of expertise, in relation to data protection and this Act, to monitor, audit and report on compliance by data controllers and data processors:

The DPCOs shall be subject to NDP Act 2023 and Directives of NDPC issued from time to time. Every filing by Data Controllers pursuant to this NDP Act 2023 shall be accompanied by a DPCO Verification Statement. NDPC may appoint other DPCOs or by itself conduct investigation into a suspected breach of the NDP Act 2023.

Liabilities of a DPCO

A DPCO, found to be guilty of concealing or abetting a data breach by a Data Controller or Processor shall immediately lose its license and prior reports may be subject of investigation. This is without prejudice to right to legal redress by complainants, statutory investigation and prosecutorial functions of other organs of government.