The Nigeria Data Protection Commission (NDPC) has initiated measures to tighten data protection regulations for the hospitality and telecommunications sectors in Nigeria. This move is part of a broader strategy to create sector-specific privacy frameworks tailored to industries handling large volumes of personal data.
Stakeholder Engagement in Abuja
The initiative was unveiled yesterday in Abuja during a stakeholder engagement on data protection and privacy frameworks covering telecommunications, financial services, and hospitality. The session brought together regulators, operators, and industry experts to develop practical guidelines that translate Nigeria’s data protection law into sector-based compliance tools.
National Commissioner and Chief Executive Officer of the NDPC, Dr. Vincent Olatunji, emphasized the Commission's collaborative approach. He stated that rather than imposing regulations, the NDPC adopts a “co-creation” method, involving stakeholders from the drafting stage to ensure regulations reflect each sector's realities.
“In our law, we have the power to make regulations without necessarily going back to anybody, but we choose a co-creation approach where we engage stakeholders before finalising anything. Whatever we are creating is what we believe is good for Nigeria, and we present it for input,” Olatunji said.
He noted that this approach was also used in drafting Nigeria’s data protection law, which contributed to its global recognition. The Commission is now shifting from general guidelines to sector-specific frameworks because industries like hospitality, telecoms, and finance operate differently and require tailored safeguards.
Hospitality and Telecoms in Focus
Olatunji highlighted that the hospitality sector processes large volumes of personal information through bookings, payments, security systems, and third-party services. Meanwhile, telecoms remain central to almost all digital activities in the country. “Almost everything today runs on the phone,” he said, noting that telecommunications services connect banking, transport, health, and other daily transactions. He added that the NDPC operates independently in enforcement and sanctions, describing it as one of the most respected data protection authorities globally.
Resource person Rex Abitogun of Management Edge argued that a uniform framework would not work because each sector collects and processes different types of personal data with varying risks. He explained that telecoms infrastructure supports services across banking, health, and hospitality, making it central to data flows across industries. Abitogun emphasized that early engagement with stakeholders helps prevent resistance and improves compliance.
“There will be no resistance if you are not dumping it on operators. When they are part of the process, they own it and are more likely to implement it,” he said. He added that hospitality operators routinely handle sensitive data such as identity documents, payment records, CCTV footage, and Wi-Fi logs.
Cross-Border Data Flow Concerns
Another resource person, Abdul-Hakeem Ajijola, warned about the risks of relying heavily on foreign digital platforms and cross-border data flows. He said many digital services depend on external infrastructure, raising concerns about data control and value retention. Ajijola also noted that everyday digital interactions often involve extensive data collection, especially on global platforms powered by artificial intelligence.
Goal: Culture of Compliance
Speaking earlier, Head of Legal, Enforcement and Regulations at the NDPC, Babatunde Bamigboye, said the engagement is part of efforts to strengthen privacy rights and improve compliance under Nigeria’s legal framework. He stated that the Commission has conducted extensive reviews and engaged thousands of data controllers and processors through audits and assessments.
Bamigboye added that the NDPC is identifying sector-specific challenges to develop frameworks covering lawful processing, accountability, data minimisation, and security safeguards. “The goal is to move from paper-based compliance to a culture of compliance,” he said.
The Nigerian Communications Commission (NCC) and stakeholders from the telecom, financial, and hospitality sectors also participated in the engagement. Their input will feed into the development of final sectoral guidelines aimed at improving accountability and strengthening data protection across the affected industries.
