By Azeez Sulaiman
The Nigeria Data Protection Commission (NDPC) has initiated a sector-wide compliance investigation into tertiary institutions across the country following suspected breaches of the Nigeria Data Protection Act (NDPA) 2023.
The probe targets universities, polytechnics, and colleges of education that process vast amounts of sensitive personal data belonging to students, staff, and alumni.
Dr. Vincent Olatunji, National Commissioner of the NDPC, confirmed that Compliance Notices have already been served to specific institutions, with their names published in national dailies on February 19.
These institutions now have 21 days to provide evidence of their 2024 compliance audits and proof of appointment for Data Protection Officers. Failure to meet this deadline could result in administrative fines or criminal prosecution.
The NDPC noted that as institutions increasingly digitize academic records and research administration, the risk of data mishandling has escalated.
To assist struggling institutions, the commission has established a Regulatory Clinic to provide guidance on closing security gaps.
This move signals a significant tightening of oversight in the education sector to ensure that the fundamental rights of millions of Nigerian data subjects are protected in the digital economy.