Data Protection and Information Governance Training

COURSE OVERVIEW

The Nigeria Data Protection Act (NDPA) 2023 imposes comprehensive data protection obligations on organisations across every sector — and the Nigeria Data Protection Commission is actively enforcing them. Organisations that do not understand their obligations, or that have implemented compliance programmes on paper without genuine substance, face significant regulatory and reputational risk.

Our Data Protection and Information Governance Training goes beyond legal awareness to build the practical understanding needed to implement real compliance: what personal data requires protection, how to handle it lawfully, what rights individuals have, how to respond to breaches, and how to build information governance frameworks that work in practice.

WHY THIS TRAINING MATTERS

• The NDPA 2023 imposes penalties of up to 2% of annual gross revenue for violations — a significant financial exposure that has focused executive attention across Nigerian business and government.
• The Nigeria Data Protection Commission has made clear that enforcement will be active and substantive. Organisations that cannot demonstrate genuine compliance understanding at the staff level face heightened scrutiny.
• Many organisations have data protection policies on paper that have never been communicated to the staff who handle personal data daily — creating a compliance gap that training directly addresses.
• We have delivered data protection and information governance training to some of Nigeria's largest organisations — including NNPC Limited — making this one of our most extensively delivered and refined programmes.
• Internationally operating Nigerian organisations also face obligations under GDPR, UK GDPR, and other international frameworks. Professionals who understand both Nigerian and international data protection law are in exceptional demand.

WHAT YOU WILL LEARN

Data Protection Fundamentals: The principles of data protection — lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, security, and accountability — and their practical meaning for organisations.

The NDPA 2023: A comprehensive walkthrough of Nigeria's current data protection law — its scope, the obligations it creates, the rights it grants to data subjects, and the consequences of non-compliance.

Personal Data in Your Organisation: Understanding what personal data your organisation processes, why it matters, and how to identify and categorise it through data mapping exercises.

Lawful Bases for Processing: Understanding the conditions under which personal data may be processed, including consent, contract, legal obligation, vital interests, public task, and legitimate interests — and how to select and document the appropriate basis.

Data Subject Rights: The rights individuals have over their personal data — including access, correction, deletion, and objection — and how to handle data subject requests in practice.

Data Protection Impact Assessments (DPIAs): When DPIAs are required, how to conduct them, and how to document the process for regulatory purposes.

Breach Notification: What constitutes a personal data breach, when notification to the NDPC and to affected individuals is required, and how to prepare a breach notification.

Information Governance: Building information governance frameworks that treat data as an asset while managing the obligations and risks it creates — records management, retention schedules, and disposal procedures.

WHO SHOULD ATTEND

Available at multiple levels: awareness training for all staff, practitioner-level training for compliance, legal, and HR teams, and advanced training for Data Protection Officers and senior compliance professionals. We deliver bespoke organisational programmes — as demonstrated by the NNPC Limited engagement — as well as public training sessions.