Enforcement, Compliance & Drafting Agreements
NDPA enforcement is no longer theoretical. In 2026, it is active, targeted, and consequential.
With regulators intensifying investigations, fines becoming more visible, and contractual non-compliance exposing organisations to significant legal and reputational risk, data protection has moved from policy documents to boardroom priority. This webinar delivers a rare, enforcement-informed, practice-driven perspective on what compliance truly means under Nigeria’s Data Protection Act in 2026—and how organisations must respond.
This NBA-accredited webinar delivers a practical, enforcement-driven analysis of Nigeria’s Data Protection Act in 2026—covering regulatory expectations, organisational compliance risks, and NDPA-compliant contract drafting. Led by senior regulators and top commercial law firm partners, the session equips participants with clear, actionable guidance to manage data privacy risk effectively.
Total Duration: 2 Hours (130 Minutes)
Delivery Format: Expert-led CPD Training (Hybrid / Physical / Virtual)
Target Audience: Legal Practitioners, In-House Counsel, Compliance Officers, Risk Managers, Business Leaders
Accreditation: Nigerian Bar Association
CPD Credit: 1 Credit Hour
Registration Link: https://bit.ly/EPLANDPA
Faculty:
1. Ibukunoluwa Owa CIPP/E, Assistant Manager, Regulations Unit, Nigeria Data Protection Commission- NDPC,
2. Ifeanyi E. Okonkwo, (Partner, Stillwaters Law)
3. Kolade Olawuni, Partner | Babalakin & Co.
Host: Lere Fashola, Founder, ESQ Trainings Limited
Opening & Context Setting (5 Minutes)
Delivered by Host: Lere Fashola, Founder, ESQ Trainings Limited
• Overview of NDPA’s strategic importance in 2026
• Alignment with Nigeria’s evolving digital economy and regulatory priorities
• Learning objectives and session flow
Faculty Session 1: NDPA Enforcement & Regulatory Outlook (2026)
Duration: 35 Minutes
Faculty Profile: Ibukunoluwa Owa CIPP/E, Assistant Manager, Regulations Unit, Nigeria Data Protection Commission- NDPC.
Module Title: NDPA Enforcement in 2026: What Regulators Will Enforce and Why
Learning Outcomes
Participants will:
• Understand the enforcement direction of NDPC in 2026
• Identify sectors and practices under heightened regulatory scrutiny
• Anticipate penalties, investigations, and compliance triggers
Key Topics
• NDPA enforcement framework and powers of the NDPC
• 2024–2025 enforcement trends shaping 2026 priorities
• Regulatory focus areas:
o Cross-border data transfers
o Consent management failures
o Vendor and processor oversight
• Administrative fines, sanctions, and reputational risk
Practical Insights
• Review of recent enforcement actions and regulatory warnings
• Common compliance failures triggering investigations
• “What organisations believe is compliant vs what regulators actually expect”
Interactive Element (5 mins within session)
• Audience poll: “Which NDPA risk keeps your organisation exposed in 2026?”
Faculty Session 2: Drafting NDPA-Compliant Agreements & Risk Allocation
Duration: 35 Minutes
Faculty Profile: Ifeanyi E. Okonkwo, (Partner, Stillwaters Law)
Module Title: Drafting NDPA-Compliant Agreements: From Theory to Enforceable Clauses
Learning Outcomes
Participants will:
• Draft and review NDPA-compliant contractual clauses
• Allocate data protection risk effectively in commercial agreements
• Avoid drafting errors that invalidate compliance efforts
Key Topics
• Mandatory NDPA clauses in data processing agreements
• Controller–processor relationships and liability allocation
• NDPA considerations in:
o Employment contracts
o Vendor and outsourcing agreements
o SaaS and technology contracts
• Cross-border transfer clauses and safeguards
• Audit, indemnity, and termination provisions
Practical Drafting Exercises
• Walkthrough of a compliant Data Processing Agreement (DPA)
• Clause-by-clause review of common drafting mistakes
• “Red flag” clauses regulators and auditors scrutinise
Faculty Session 3: Organisational Compliance & Data Breach Management
Duration: 40 Minutes
Faculty Profile: Kolade Olawuni, Partner | Babalakin & Co.
Module Title: Building NDPA-Compliant Organisations: Risk, Controls & Breach Readiness
Learning Outcomes
Participants will:
• Map NDPA compliance obligations to internal processes
• Identify high-risk operational and governance gaps
• Manage data breaches confidently and lawfully
Key Topics
• Core NDPA compliance obligations for controllers and processors
• High-risk areas in practice:
o HR data
o Customer databases
o Marketing and CRM systems
o IT outsourcing and cloud services
• Data Protection Impact Assessments (DPIAs): when and how
• Data breach identification, containment, and reporting timelines
• Engagement with regulators and affected data subjects
Practical Illustrations
• Data breach simulation: “48 hours after discovery – what must be done?”
• Internal compliance checklist for Nigerian organisations
• “Silent breaches” organisations often miss
Interactive Session (5 mins within session)
• Scenario discussion: responding to a ransomware-driven data leak
Consolidated Q&A and Close-Out (15 Minutes)
All Faculty
• Practical questions from participants
• Key compliance takeaways for 2026
• Post-training action steps for organisations and legal teams
Key Value Proposition
• Enforcement-driven (not academic)
• Practical compliance strategies tailored to Nigeria
• Transaction-ready drafting guidance
• Immediate organisational applicability
