NDPC Sensitises OAU Students on Responsible Digital Engagement at 5th DPAC Edition

Abstract
The Nigeria Data Protection Commission (NDPC) recently conducted a sensitisation programme for students of Obafemi Awolowo University (OAU) as part of its 5th Digital Privacy Awareness Campaign (DPAC) Edition. This initiative underscores the NDPC's commitment to fostering responsible digital engagement and ensuring compliance with the Nigeria Data Protection Act (NDPA) 2023. The campaign aims to educate young Nigerians on their rights as data subjects and their responsibilities when interacting with personal data online, highlighting the legal implications of data processing in an increasingly digital society. For legal professionals, this signals the NDPC's proactive enforcement and educational strategy, necessitating a deeper understanding of the Act's provisions by individuals and institutions alike.
Introduction
In an era defined by pervasive digital interaction, the protection of personal data has become a paramount concern globally, and Nigeria is no exception. The Nigeria Data Protection Commission (NDPC) recently took a significant step in addressing this by hosting its 5th Digital Privacy Awareness Campaign (DPAC) Edition at Obafemi Awolowo University (OAU), Ile-Ife. This event, aimed at sensitising students on responsible digital engagement, is a crucial component of the NDPC's broader mandate to ensure widespread understanding and compliance with the Nigeria Data Protection Act (NDPA) 2023.
The sensitisation programme at OAU highlights the NDPC's strategic focus on educating the populace, particularly the digitally native youth, about the intricacies of data privacy. It underscores the legal obligations and rights that arise from daily online activities, from social media usage to academic pursuits. This article will delve into the legal framework underpinning such initiatives, examining the provisions of the NDPA 2023, the role of the NDPC, and the practical implications for individuals and institutions in Nigeria's evolving digital landscape.
Background
Nigeria's journey towards a comprehensive data protection framework culminated in the enactment of the Nigeria Data Protection Act (NDPA) 2023, signed into law on June 12, 2023. This landmark legislation replaced the earlier Nigeria Data Protection Regulation (NDPR) 2019, providing a more robust and statutory backing for data privacy rights in the country. The NDPA 2023 established the Nigeria Data Protection Commission (NDPC) as the independent federal regulatory authority responsible for administering and enforcing the Act.
The primary objectives of the NDPA 2023 include safeguarding the fundamental rights and freedoms of data subjects as guaranteed under the Constitution of the Federal Republic of Nigeria, regulating the processing of personal data, and promoting data processing practices that ensure the security and privacy of data subjects. The Act also aims to strengthen the legal foundations of the national digital economy. Complementing the NDPA is the General Application and Implementation Directive (GAID) 2025, which provides comprehensive and binding directives for implementing the Act, covering aspects such as lawful bases for data processing, data subject rights, and data breach notifications. The NDPC's functions include issuing regulations and guidelines, investigating complaints, performing audits, imposing administrative fines, and informing the public about the NDPA and its updates.
Analysis
The concept of "responsible digital engagement" as promoted by the NDPC is intrinsically linked to the core data protection principles enshrined in the NDPA 2023. These principles mandate that personal data must be processed lawfully, fairly, and transparently; collected only for specific, explicit, and legitimate purposes; limited to what is necessary; accurate and kept up to date; retained only as long as necessary; and secured against foreseeable hazards and breaches.
For students and individuals, responsible digital engagement primarily involves understanding and exercising their rights as data subjects. The NDPA grants individuals several key rights, including the right to be informed about how their data is processed, the right to access their personal data, the right to rectification of inaccurate data, the right to erasure (the "right to be forgotten"), the right to object to processing (especially for direct marketing), the right to restrict processing, and the right not to be subjected to automated decision-making with legal or significant effects. A crucial aspect of lawful processing is consent, which must be explicit, freely given, specific, informed, and unambiguous, with data subjects having the right to withdraw consent as easily as it was given.
Educational institutions like OAU, as data controllers, bear significant obligations under the NDPA. They must implement appropriate technical and organisational measures to secure personal data, provide clear privacy policies, and respond to data subject requests in a timely manner. For instance, the processing of children's data has expanded protections under the Act, increasing the age threshold to 18 years and requiring specific consent. Failure to comply can lead to severe consequences, including administrative fines of up to ₦10 million or 2% of annual gross revenue for data controllers of major importance, and ₦2 million or 2% for others, whichever is higher, in addition to reputational damage and potential civil actions by affected data subjects.
The NDPC's sensitisation efforts, such as the DPAC Edition at OAU, are vital for translating these legal provisions into practical understanding. The Commission actively promotes awareness through various initiatives, including the Digital Privacy Awareness Campaign, Data Privacy Clubs in universities, and partnerships with organisations like Meta to launch nationwide privacy education campaigns. These campaigns are critical in fostering a culture of data protection, ensuring that individuals are empowered to protect their digital identities and that institutions uphold their duty of care.
Conclusion
The NDPC's sensitisation of OAU students on responsible digital engagement is a timely and essential initiative, reflecting the Commission's proactive approach to enforcing the Nigeria Data Protection Act 2023. As Nigeria continues its rapid digital transformation, the importance of data privacy awareness, particularly among the youth, cannot be overstated. This ongoing educational drive by the NDPC, alongside its robust enforcement powers, underscores a clear regulatory commitment to safeguarding personal data.
For legal practitioners, this development signals a heightened need to advise clients – whether individuals, educational institutions, or businesses – on their comprehensive obligations and rights under the NDPA 2023 and the GAID 2025. Ensuring compliance is no longer merely a best practice but a legal imperative with significant financial and reputational implications. Attorneys must guide clients in developing robust data protection policies, implementing adequate security measures, managing consent effectively, and establishing clear procedures for handling data subject requests and breach notifications. The NDPC's consistent engagement with the public and various sectors indicates that data protection will remain a critical area of legal and operational focus in Nigeria.
Citations
- 1.Nigeria Data Protection Act 2023
- 2.General Application and Implementation Directive (GAID) 2025