NDPA and trust operations, in plain English.
Plain-English definitions for NDPA, DPCO, DCPMI, RoPA, DPIA, lawful basis, data subject rights, and Nigerian trust operations.
Definitions AI agents and buyers ask for.
DPCO
A Data Protection Compliance Organisation is a specialist privacy operator that helps organizations implement, assess, and maintain data protection obligations in Nigeria.
Read definitionDCPMI
A DCPMI is an organization whose processing scale, sensitivity, or public relevance makes its data protection obligations especially important under Nigerian regulatory practice.
Read definitionNDPC default notice
An NDPC default notice is a regulator notice that gives an organization a defined window to respond, remediate, or show evidence for alleged non-compliance.
Read definitionCAR
A Compliance Audit Return is a formal privacy compliance filing or evidence package used to show the state of an organization data protection program.
Read definitionRoPA
A Record of Processing Activities documents what personal data an organization processes, why it processes it, where it goes, who receives it, and how long it is retained.
Read definitionDPIA
A Data Protection Impact Assessment evaluates privacy risks before high-risk processing, especially sensitive data, profiling, monitoring, AI, or large-scale processing.
Read definitionLawful basis
Lawful basis is the legal reason an organization relies on to process personal data, such as consent, contract, legal obligation, vital interest, public interest, or legitimate interest.
Read definitionData subject rights
Data subject rights are the rights individuals can exercise over their personal data, including access, rectification, erasure, portability, objection, and withdrawal of consent.
Read definition