Nigeria — Fixed-Price Package
NDPA Compliance for Nigerian Fintechs
The NDPC is enforcing. The CAR deadline has passed. If your fintech doesn't have a compliance programme, you're exposed. We build the full programme — gap analysis to CAR-ready — in 4-6 weeks.
Nigerian lawyer (BL). CIPP/E certified. 10+ years financial services compliance.
Or fill out the diagnostic form if you prefer email.
Why this matters now
- NDPC CAR filing deadline has passed — late filers face up to 50% additional fee
- Non-filing: fines up to 2% of annual revenue or ₦10 million
- NDPC issued compliance notices to 1,300+ organisations
- CBN AML automation directive takes effect June 10, 2026
- Fintechs using AI are highest-risk for regulatory scrutiny
What's included
Gap analysis
We assess your current data protection posture against NDPA requirements. Every processing activity mapped. Every gap identified. You know exactly where you stand.
Policy development
Data protection policy, data retention policy, breach response procedure, data subject rights procedure, acceptable use policy. Tailored to your fintech, not templates.
Privacy notices
Customer privacy notice, employee privacy notice, cookie policy. NDPA-compliant, referencing the Act and your specific processing activities.
Data processing inventory
Complete register of every processing activity — what data, why, lawful basis, retention period, third parties, cross-border transfers. Required by NDPA and essential for CAR filing.
NDPC registration support
Guidance on registering as a Data Controller/Processor of Major Importance. Documentation prepared for submission.
DPO appointment guidance
Assessment of whether you need a DPO, role specification, and appointment documentation. Or transition to our DPO-as-a-Service.
CAR filing preparation
All documentation prepared and organised for your DPCO to file the Compliance Audit Return. We work with your DPCO or recommend one.
DPIA for AI systems
If your fintech uses AI (credit scoring, fraud detection, chatbots), we conduct a Data Protection Impact Assessment covering the specific risks of automated processing.
Serve diaspora customers? Add GDPR.
If your fintech serves Nigerian diaspora in the EU — remittances, cross-border payments, European partnerships — GDPR applies on top of NDPA. We build one unified programme covering both, not two separate compliance tracks.
GDPR layer: ₦500,000-₦1,000,000 additional, depending on complexity of EU data flows.
Need ongoing DPO support instead of a one-off programme?
The compliance programme above is a 4-6 week build. If your fintech needs a named Data Protection Officer on a continuing basis (NDPA Section 32 designation, NDPC coordination, DSARs, breach response, monthly reporting), the right product is the outsourced DPO retainer.
Three Naira-priced tiers from ₦600,000/month. Twelve-month minimum. Coordinates with your licensed DPCO for CAR filing.
View outsourced DPO retainer details →
Not ready for the full programme?
NDPA Readiness Diagnostic — ₦500,000
We assess your current data protection posture against NDPA requirements. You get a written diagnostic: gaps, risks, and priority actions. No commitment to the full programme.
- Fixed price: ₦500,000
- Timeline: 1 week
- Deliverable: 3-5 page diagnostic report with prioritised recommendations
- If you proceed to the full programme, the ₦500,000 is deducted from the cost
Frequently asked questions
What does the NDPA compliance programme include?
A full gap analysis of your current data protection posture, development of all required policies and procedures, privacy notices for customers and employees, NDPC registration support, DPO appointment guidance, CAR filing preparation, and a data processing inventory. Everything the NDPC expects to see.
Do I need this if we already have a privacy policy?
A privacy policy is one document in a compliance programme. The NDPC expects a full programme: records of processing, data retention schedules, breach response procedures, data subject rights processes, staff training records, DPIAs for high-risk processing, and annual CAR filing. If you only have a privacy policy, you have gaps.
What if we also need GDPR compliance?
If your fintech serves diaspora customers in the EU or uses EU-based cloud infrastructure, GDPR applies too. We build one unified programme covering both NDPA and GDPR — not two separate programmes. The additional GDPR layer typically adds ₦500,000-₦1,000,000 to the programme cost.
Do you handle the CAR filing?
We prepare everything for the CAR filing — the documentation, data processing inventory, and compliance evidence. The actual filing must go through a licensed DPCO. We can recommend DPCOs we work with, or work alongside your existing DPCO.
How long does the programme take?
4-6 weeks depending on the complexity of your data processing activities. Simple payment platforms may be closer to 4 weeks. Fintechs with AI systems, multiple data sources, and cross-border flows typically need 6 weeks.
Can you be our outsourced DPO?
Yes. We offer a fractional Data Protection Officer service for Nigerian fintechs as an ongoing engagement under NDPA Section 32 designation. Three retainer tiers from ₦600,000/month covering NDPC coordination, DSARs, breach response, DPIA reviews, CAR pack preparation, and DPCO liaison. See the full scope on our outsourced DPO for fintechs page (link in services).
Get your fintech NDPA-compliant
Start with the diagnostic. Written review first, full programme second.
Book the ₦500,000 diagnostic