In today’s world, ensuring data privacy is paramount for businesses handling personal data. In Nigeria, organisations that wish to assist in enforcing data protection standards must register as a Data Protection Compliance Organisation (DPCO).
This article provides a comprehensive guide on the registration process, the requirements, and costs involved in becoming a DPCO.
What is a Data Protection Compliance Organisation (DPCO)?
A Data Protection Compliance Organisation (DPCO) is an entity accredited by the Nigeria Data Protection Bureau (NDPB) to offer data protection audits, compliance, training, and consultancy services to data processors and controllers.
A DPCO ensures that these organisations comply with Nigeria’s data protection regulations, including the Nigeria Data Protection Regulation (NDPR).
Key Services Provided by DPCOs
DPCOs offer various services to ensure compliance with NDPR, including:
- Data Protection Audits: Ensuring organisations are compliant with the NDPR.
- Compliance Training: Educating staff on data protection best practices.
- Consultancy Services: Offering specialised guidance on data privacy.
- Policy Drafting: Developing comprehensive data privacy policies.
- Data Impact Assessments: Evaluating the risks associated with data processing activities.
Steps for Registering a Data Protection Compliance Organisation (DPCO)
1. Corporate Affairs Commission (CAC) Registration
The first step in registering as a DPCO is incorporating your business with the Corporate Affairs Commission (CAC). This ensures that your organisation is recognised as a legal entity in Nigeria. The cost of registration depends on your share capital.
- Costs:
  - ₦100,000 and above for a share capital starting from ₦1 million.
  - This fee increases with the amount of share capital.
2. Obtain Professional or Academic Certifications
To qualify as a DPCO, you must provide evidence of certifications that show expertise in data protection and compliance. At least two staff members must hold professional or academic certifications in the field of data protection.
- Recognised Certifications:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Privacy Professional (CIPP)
  - Data Protection Officer (DPO) certifications
3. Prepare Required Documentation
To obtain a DPCO license, you need to gather several documents:
- Evidence of CAC Registration: Proof of your company’s incorporation.
- Tax Clearance Certificate: Proof of tax clearance from the Federal Inland Revenue Service (FIRS). The cost will depend on your organisation’s financial records.
- Qualifications of Key Staff Members: At least two professionals within the organisation should have certifications in data protection.
- Valid IDs of Two Directors: Government-issued IDs (such as passports or driver’s licenses) of two directors must be submitted.
- Website Registration on a .ng Domain: Your website must be registered under the .ng domain to prove local presence.
- Proof of Payment of Licensing Fee to NDPB: Evidence of payment of the required DPCO licensing fee, which is ₦2,000,000.
4. Submit Application to NDPB
Once all required documents are prepared, you can submit your application to the Nigeria Data Protection Bureau (NDPB). The NDPB will review your submission and assess whether your organisation meets the necessary requirements to offer DPCO services.
5. Approval and Issuance of License
Upon a successful review, the NDPB will issue a DPCO license. This license authorises your organisation to conduct audits, provide consultancy services, and ensure compliance with data protection laws in Nigeria.
Table: Breakdown of DPCO Registration Requirements and Costs
Requirement | Details | Estimated Cost (₦) |
---|---|---|
CAC Registration | Based on share capital (₦1 million+) | ₦100,000+ |
Professional Certifications | CISA, CIPP, or DPO qualifications | ₦500,000+ |
Tax Clearance Certificate | Depends on financial records | Varies |
Qualifications of Two Key Staff | Academic/professional data protection certifications | Varies |
Valid IDs of Two Directors | Passport, Driver’s License, National ID | – |
Website Registration (.ng Domain) | Registration under Nigeria’s .ng domain | ₦50,000 – ₦150,000 |
Licensing Fee to NDPB | Paid to the Nigeria Data Protection Bureau | ₦2,000,000 |
Liabilities of a DPCO
DPCOs carry significant responsibility in ensuring that organisations comply with data protection laws. If a DPCO fails in its duties, it can face penalties, and its clients may be exposed to risks. Key liabilities include:
- Incorrect Auditing: If a DPCO conducts an inadequate audit and the organisation suffers a data breach, the DPCO may be held liable.
- Non-Compliance Penalties: The NDPR imposes strict penalties for non-compliance. DPCOs are expected to ensure that their clients avoid these penalties.
- Breach Reporting: DPCOs are required to report any data breaches uncovered during audits or compliance checks.
Common Misconceptions About DPCO Registration
1. Misconception: Any Company Can Become a DPCO
Not every business can become a DPCO. Organisations must have professionals who hold data protection certifications, and the organisation itself must meet specific technical requirements.
2. Misconception: DPCO Registration is a One-Time Event
Becoming a DPCO requires continuous effort, as compliance with evolving data protection laws is ongoing. Regular audits, training, and updates are required to stay compliant.
3. Misconception: Only Big Companies Need DPCOs
Some believe that only large corporations need to hire a DPCO. However, any organisation that handles personal data, regardless of size, should ensure NDPR compliance, making DPCOs vital to businesses of all sizes.
FAQs
What is the role of a Data Protection Compliance Organisation?
A DPCO is responsible for conducting data protection audits, offering consultancy, and ensuring organisations comply with the Nigeria Data Protection Regulation (NDPR).
How much does it cost to register as a DPCO in Nigeria?
The licensing fee to register as a DPCO is ₦2,000,000. Additional costs may include CAC registration (₦100,000 and above) and professional certification fees.
Who can become a Data Protection Compliance Organisation?
Any organisation with qualified staff possessing professional or academic certifications in data protection can apply to become a DPCO.
Is the DPCO license renewable?
Yes, a DPCO license is subject to renewal, and the organisation must continue to meet the compliance and operational standards set by the NDPB.
Conclusion
Registering as a Data Protection Compliance Organisation (DPCO) in Nigeria is a detailed process involving corporate registration, professional certification, and compliance with Nigeria’s data protection laws.
The steps outlined in this guide will help your organisation navigate the registration process and ensure that you are equipped to offer DPCO services.
With a clear understanding of the costs involved, the necessary documentation, and ongoing responsibilities, you can establish your organisation as a licensed and compliant DPCO.