Nigeria — Fixed-Price Package

NDPA Compliance for Nigerian Fintechs

The NDPC is enforcing. The CAR deadline has passed. If your fintech doesn't have a compliance programme, you're exposed. We build the full programme — gap analysis to CAR-ready — in 4-6 weeks.

₦2,000,000fixed price|4-6 weeks
Get StartedNot Sure Yet? Start With a Diagnostic

Nigerian lawyer (BL). CIPP/E certified. 10+ years financial services compliance.

Why this matters now

  • NDPC CAR filing deadline has passed — late filers face up to 50% additional fee
  • Non-filing: fines up to 2% of annual revenue or ₦10 million
  • NDPC issued compliance notices to 1,300+ organisations
  • CBN AML automation directive takes effect June 10, 2026
  • Fintechs using AI are highest-risk for regulatory scrutiny

What's included

Gap analysis

We assess your current data protection posture against NDPA requirements. Every processing activity mapped. Every gap identified. You know exactly where you stand.

Policy development

Data protection policy, data retention policy, breach response procedure, data subject rights procedure, acceptable use policy. Tailored to your fintech, not templates.

Privacy notices

Customer privacy notice, employee privacy notice, cookie policy. NDPA-compliant, referencing the Act and your specific processing activities.

Data processing inventory

Complete register of every processing activity — what data, why, lawful basis, retention period, third parties, cross-border transfers. Required by NDPA and essential for CAR filing.

NDPC registration support

Guidance on registering as a Data Controller/Processor of Major Importance. Documentation prepared for submission.

DPO appointment guidance

Assessment of whether you need a DPO, role specification, and appointment documentation. Or transition to our DPO-as-a-Service.

CAR filing preparation

All documentation prepared and organised for your DPCO to file the Compliance Audit Return. We work with your DPCO or recommend one.

DPIA for AI systems

If your fintech uses AI (credit scoring, fraud detection, chatbots), we conduct a Data Protection Impact Assessment covering the specific risks of automated processing.

Serve diaspora customers? Add GDPR.

If your fintech serves Nigerian diaspora in the EU — remittances, cross-border payments, European partnerships — GDPR applies on top of NDPA. We build one unified programme covering both, not two separate compliance tracks.

GDPR layer: ₦500,000-₦1,000,000 additional, depending on complexity of EU data flows.

Not ready for the full programme?

NDPA Readiness Diagnostic — ₦500,000

We assess your current data protection posture against NDPA requirements. You get a written diagnostic: gaps, risks, and priority actions. No commitment to the full programme.

  • Fixed price: ₦500,000
  • Timeline: 1 week
  • Deliverable: 3-5 page diagnostic report with prioritised recommendations
  • If you proceed to the full programme, the ₦500,000 is deducted from the cost
Book a Readiness Diagnostic

Related guides

NDPA and GDPR Dual Compliance for Fintechs Using AI

Data Protection for Nigerian Banks: NDPA, CBN, and GDPR

Serving Diaspora Customers? Your GDPR Obligations

AI in Nigerian Financial Services: The Regulatory Stack

Using Cloud AI Without Breaking NDPA or GDPR

Building a Compliant AI Lending Platform in Nigeria

Frequently asked questions

What does the NDPA compliance programme include?

A full gap analysis of your current data protection posture, development of all required policies and procedures, privacy notices for customers and employees, NDPC registration support, DPO appointment guidance, CAR filing preparation, and a data processing inventory. Everything the NDPC expects to see.

Do I need this if we already have a privacy policy?

A privacy policy is one document in a compliance programme. The NDPC expects a full programme: records of processing, data retention schedules, breach response procedures, data subject rights processes, staff training records, DPIAs for high-risk processing, and annual CAR filing. If you only have a privacy policy, you have gaps.

What if we also need GDPR compliance?

If your fintech serves diaspora customers in the EU or uses EU-based cloud infrastructure, GDPR applies too. We build one unified programme covering both NDPA and GDPR — not two separate programmes. The additional GDPR layer typically adds ₦500,000-₦1,000,000 to the programme cost.

Do you handle the CAR filing?

We prepare everything for the CAR filing — the documentation, data processing inventory, and compliance evidence. The actual filing must go through a licensed DPCO. We can recommend DPCOs we work with, or work alongside your existing DPCO.

How long does the programme take?

4-6 weeks depending on the complexity of your data processing activities. Simple payment platforms may be closer to 4 weeks. Fintechs with AI systems, multiple data sources, and cross-border flows typically need 6 weeks.

Can you be our outsourced DPO?

Yes. DPO-as-a-Service is available as an ongoing engagement from ₦600,000/month. This includes acting as your named DPO, handling data subject requests, overseeing CAR filing, and advising on new processing activities. The compliance programme and DPO service can run together or separately.

Get your fintech NDPA-compliant

Fixed-price quote within 48 hours. Nigerian lawyer. CIPP/E certified.

Get Started — ₦2,000,000
Called to the Nigerian Bar (BL)CIPP/E Certified10+ Years Financial Services