• Delegations from Zambia and Zimbabwe visited the Nigerian Data Protection Commission (NDPC) to study its practices, aiming to replicate Nigeria's successful model.

• Key focus areas included the public-private partnership model, human capital development, policy creation, and public awareness, as highlighted by NDPC Commissioner Vincent Olatunji.

• The visit follows a growing need for robust data protection amid digital transformation, as noted by Yellow Card, while challenges persist in adapting the model to differing local contexts.

Zambia and Zimbabwe are looking to Nigeria for guidance in personal data protection, with separate delegations from the two Southern African nations making a working visit this week to the headquarters of the Nigerian Data Protection Commission (NDPC). The meetings took place on the sidelines of the General Assembly of the African Network of Personal Data Protection Authorities (RAPDP) held in Abuja, Nigeria.

"The purpose of the visit was for the delegations to understudy the day-to-day operations of the NDPC, with a view to replicating best practices in their respective countries," the NDPC said in a statement released on Wednesday, May 14.

Vincent Olatunji, the National Commissioner of the NDPC, provided the visiting delegations with an overview of the development of data protection in Nigeria. He emphasized that the Commission has developed a strategic roadmap that has served as its guide since the enactment of the Nigeria Data Protection Act of 2023. Olatunji highlighted the public-private partnership model as a key driver of the institution's success. Discussions also covered crucial areas such as human capital development, public awareness campaigns, policy formulation, and collaborative strategies.

This benchmarking visit occurs against a backdrop of rapid digital transformation and the widespread use of electronic communication services. "As more African countries go digital, protecting personal data and ensuring privacy has become a critical concern. People, businesses, and governments are increasingly aware of the need to safeguard personal information as the world becomes more interconnected," noted the cryptocurrency exchange platform Yellow Card in its 2025 report, "The State of Data Protection Laws in Africa."

This knowledge exchange could empower the data protection authorities of Zambia and Zimbabwe to enhance their capacity to fully execute their responsibilities, which, according to Yellow Card, include enforcing legislation, investigating breaches, and assisting businesses and citizens in adopting best practices. For instance, a joint 38-month investigation by Nigeria's Federal Competition and Consumer Protection Commission (FCCPC) and the NDPC found that WhatsApp had violated Nigerian data protection and competition laws, resulting in a $220 million fine imposed on its parent company, Meta, in July 2024.

However, replicating the Nigerian model in Zambia and Zimbabwe could present challenges due to differing national contexts. Furthermore, Yellow Card points out that the effectiveness of data protection authorities across the African continent varies due to disparities in resources, expertise, and political commitment.

By Isaac K. Kassouwi,

Editing by Sèna D. B. de Sodji