FAQs

Q 1. What happens if my organisation misses the Annual Compliance Audit Report (CAR) deadline?

Failure to file your Annual Compliance Audit Report (CAR) by the NDPC deadline constitutes a regulatory breach under the NDPA 2023. Organisations classified as Data Controllers/Processors of Major Importance (DCPMI) are mandated to file annually.

Non-compliance exposes your organisation to NDPC enforcement actions including administrative fines, sanctions, and reputational risk. SAC can assist you with urgent filing — including prior-year remediation and NDPC engagement — to restore your compliant status. Contact us immediately at info@headspace.ng or +234 803 447 2628 for an emergency compliance review.

Q 2. How quickly can SAC help us become compliant?

The timeline depends on your organisation's size, sector, and current compliance posture. For a mid-sized organisation starting from scratch, a foundational compliance programme — covering registration, a basic privacy policy framework, staff training, and DPA audit readiness — typically takes 4-8 weeks. SAC will scope your engagement, provide a clear delivery roadmap, and work alongside your team to achieve compliance efficiently. Reach us at info@headspace.ng or +2348034472628 to get started.

Q 3. What is a Data Protection Impact Assessment (DPIA) and when is it required?

A DPIA is a structured process to identify and minimise the privacy risks of a new project, system, or processing activity before it goes live. Under the NDPA 2023, DPIAs are mandatory for high-risk processing activities — such as large-scale profiling, processing sensitive personal data, or implementing new surveillance technologies. SAC conducts DPIAs that are thorough, NDPC-compliant, and designed to protect your organisation from regulatory exposure.

Q 4. What is the CDPO Certification and how do I register for the April 2026 cohort?

The Certified Data Protection Officer (CDPO) programme is Nigeria's premier NDPC/IIM-accredited certification course for professionals responsible for data protection and privacy compliance.

Next Cohort: 13–17 April 2026 | Virtual (Zoom) | ₦300,000

The programme covers the full NDPA 2023 compliance lifecycle, the DPO's statutory role and responsibilities, data subject rights management, privacy by design, DPIA methodology, breach management, and NDPC enforcement practice.

Who should attend? Compliance Officers, Legal/Risk Professionals, IT/Security teams, HR and Business Leaders, Consultants, and any professional managing or overseeing personal data processing activities.

What you receive: An NDPC-recognised CDPO Certificate, IIM Africa accreditation, comprehensive training toolkit, and access to SAC's expert faculty post-training.

To register: tinyurl.com/ff73sfta | Call: +234 803 447 2628 | Email: info@headspace.ng

Q 5. Does my organisation need to file an Annual Compliance Audit Report with the NDPC?

Yes — if your organisation is a data controller or processor of significant importance (DCPOI), you are required to conduct a data protection compliance audit and file the report with the NDPC annually. Failure to file attracts penalties. SAC manages the entire process: from conducting the audit to preparing and submitting your report to the NDPC. Contact us before the March 31 deadline each year.

Q 6. What is a DPCO and why should I work with one?

A Data Protection Compliance Organisation (DPCO) is an entity licensed by the NDPC to provide data protection advisory, audit, and compliance services. Working with a licensed DPCO like SAC gives you assurance that your compliance programme is designed by accredited professionals who understand NDPC requirements. It also demonstrates due diligence to the regulator — which matters in the event of an investigation or data breach.

Q 7. What is the NDPA 2023 and does it apply to my organisation?

The Nigeria Data Protection Act (NDPA) 2023 is Nigeria's primary data protection legislation, administered by the Nigeria Data Protection Commission (NDPC). It applies to any individual or organisation that collects, processes, stores, or shares personal data of Nigerian residents — regardless of where the organisation is based. If your business handles customer, employee, or patient data, you are likely covered. SAC can conduct a quick compliance assessment to confirm your obligations.

Have any questions about data privacy? here some answers

offer a wide range of services to help organizations comply with data privacy laws and regulations, such as the Nigeria Data Protection Regulation (NDPR). These services include compliance audits, legal advice, data protection impact assessments, and training programs. They also assist with data breach remediation, cross-border data transfer, and representation before regulatory agencies

Ask Any Question

Ready to Secure Your Organisation's Data?

Whether you need a compliance audit, a dedicated DPO, CDPO training for your team, or a full data protection programme — SAC delivers. Talk to an expert today.

Start Your Compliance Journey
Cookies

At headspace, We rely on recognised lawful bases for data processing such as consent, legal obligation and contract. We process various categories of your data based on the type of engagement you have with us. Subject to your data subject rights, “cookies” on our website may process your pattern of engagement with our website and thereby create automated responses and notifications that seem most likely to suit your interest.

Accept