NDPC boss talks tough as Nigeria’s high-stakes battle for data sovereignty enters a critical phase

The second day of the IoT West Africa 2026 conference in Lagos was defined by a stark clash of ideologies regarding Nigeria’s digital future. While private infrastructure builders championed market-driven incentives to localise data, the government issued an uncompromising directive: comply with strict protection laws or face severe consequences.

The highlight was a keynote address by Dr Vincent Olatunji, the National Commissioner and CEO of the Nigeria Data Protection Commission (NDPC). Dr Olatunji laid bare the vulnerabilities within Nigeria’s burgeoning digital economy, a sector now valued at about $80.3 billion, representing nearly 20% of the country’s GDP.

The core issue, according to the commissioner, is a massive offshore storage deficit. “Over 90% of the data is stored outside the country,” he stated. He argued that this extreme reliance on foreign hosting makes it impossible for the nation to enforce the digital sovereignty it desperately needs.

This vulnerability is far from theoretical. Dr Olatunji revealed a troubling security metric, noting that Nigerian networks face over 4,000 cyberattack attempts every single week. He outlined the staggering pace of the global digital shift to contextualise the threat, adding that data generation has grown over 90 times in the past 15 years.

“More than 2.8 billion terabytes are generated every day,” he explained, pointing to video content, mobile-first adoption, and the proliferation of over 21 billion connected IoT devices worldwide as the primary growth drivers. With digital business models now dominating the global landscape, the commissioner argued that data must be treated as critical national infrastructure, and failing to secure it is a severe risk.”

“National security, everything is only about data now,” he warned.

The NDPC chief reserved his sharpest criticism for local infrastructure providers. He expressed deep frustration with data centres operating under the misconception that, because they merely warehouse it, they are somehow exempt from strict privacy regulations.

“They keep telling you they don’t process data,” Dr Olatunji observed, forcefully correcting the narrative. “But we tell them that storage is part of processing.” He made it explicitly clear that operators have “no excuse in law” and that failing to comply means they are actively taking advantage of the system.

NDPC’s data sovereignty push: The private sector perspective

This regulatory hardline stood in sharp contrast to the sentiments expressed later on during a panel session on the “Role of Digital Twins for Data Centre Optimisation in Nigeria”. Moderated by Faith Wodeika, the chairman of the African Data Centre Association (ADCA), the session featured heavyweights from Kasi Cloud, AWS, Uptime Institute, Zutari, and Galaxy Backbone.

Responding to a question from the audience on why over 80% of Nigerian businesses host their data outside the country, calling it a missed opportunity, AWS’s Kayode Akomolafe suggested that the country wasn’t digital enough and presently not viable for a Cloud Region.

Taking the debate further in an exclusive interview with Technext on the sidelines of the event, Johnson Agogbua, Founder and CEO of Kasi Cloud, argued vehemently against using heavy-handed regulations to force centre operators to host locally.

“I’m not a believer that every problem looks like a nail and then you have to use the regulatory hammer to knock it down,” he remarked. Drawing on his experience helping to build the second data centre in Ashburn, Virginia, he argued that competitive economic incentives are the proven catalyst for growth.

He cautioned that if neighbouring nations like Ghana or Kenya offer better incentives, foreign investment will naturally flow there instead.

He favoured a market-led approach, placing the onus on local enterprises. If Nigerian companies spend millions of dollars annually with foreign operators simply demand that their data be stored locally, those operators will build the necessary cloud regions in Nigeria to retain the business.

The core requirement is that local facilities offer Service Level Agreements (SLAs) with strict penalties that match international standards.

Yet, Dr Olatunji’s address highlighted the fundamental reason why the government feels compelled to intervene: consumer trust. He pointed out that massive datasets, representing over 230 million citizens, are held in storage offshore, and a lack of demonstrable privacy protection severely damages public confidence.

“If there is no privacy, there is no protection,” he argued, warning that international development partners will refuse to do business in a market that ignores compliance.