Follow Us on Google
By Taiwo Babatunde
In an exclusive interview, London-based cybersecurity expert and founder of PhishCLICK, Mr. Jamiu Olamilekan Akande, delivered a critical assessment of cloud-service compliance under Nigeria’s Data Protection Act (NDPA). He called on government agencies, enterprise customers, and cloud providers to adopt Privacy-By-Design as a non-negotiable standard.
NDPA Compliance: Current Shortfalls in the Cloud
Since the NDPA’s enactment in 2022, many organisations have struggled to translate its legal principles into effective cloud-native controls. Mr. Akande identified three major gaps:
1. Retrofit Privacy Controls
Many organisations rely on post-deployment fixes like consent banners or isolated encryption modules, which fail to demonstrate true data protection by design.
2. Lack of Auditability
Without standardized data-mapping, classification frameworks, and logging, firms lack the audit trails necessary to satisfy regulators.
3. Diffuse Accountability
Key management, incident response, and monitoring often fall under separate teams, hampering swift breach response and forensic investigations.
“Privacy-By-Design must be the bedrock of any cloud initiative,” said Mr. Akande. “It’s not a compliance exercise—it’s an engineering discipline that preserves citizens’ rights and strengthens national security.”
⸻
A Three-Fold Charge
Mr. Akande outlined a structured call-to-action for three key stakeholders:
1. Federal Government & Regulatory Bodies
• Mandate Privacy-By-Design in all official memos, procurement policies, and public-sector cloud contracts.
• Publish technical reference architectures, checklists, and legal template clauses to help map NDPA obligations to measurable controls.
2. Enterprise Customers (CIOs/CISOs)
• Implement end-to-end data mapping and classification that aligns with NDPA’s retention and disposal requirements.
• Demand contractual assurances for strong encryption, key management separation, and real-time audit logging.
3. Cloud Service Providers & Integrators
• Integrate Privacy Impact Assessments and threat modelling at every development stage—from initial design to deployment.
• Provide transparent compliance reports, open audit APIs, and ready-made modules for encryption, identity management, and continuous monitoring.
“When government, enterprises, and providers align on Privacy-By-Design,” Mr. Akande emphasized, “Nigeria gains a competitive edge in secure digital transformation.”
⸻
Next Steps for a Cohesive Ecosystem
To move from policy to practice, Mr. Akande urged the following:
• Government Working Groups should update internal guidelines and procurement frameworks by the end of the year.
• Industry Associations should publish sector-specific best-practice whitepapers and host workshops for privacy engineers and compliance officers.
• Security Vendors should build plug-and-play privacy modules that make compliance easier—especially for SMEs.
“As founder of PhishCLICK,” Mr. Akande concluded, “I’ve seen firsthand how proactive privacy engineering not only ensures NDPA compliance but also builds customer trust, strengthens cybersecurity resilience, and fuels long-term digital growth in Nigeria.”
