Top Posts
Sahara Group boosts environmental sustainability, economic empowerment with...
The burden of a virus
States generate N986.2 billion IGR in 9-month, rise...
Nigeria Daily Street Market Exchange Rate (December 20th...
Spotify usage soars to 1.3bn hours as streaming...
Global instability catapults gold to top-performing asset class...
How social apps are redefining Nigeria’s  retail sector
NGX expands market offerings with commercial paper listings
Transquest positions 20th anniversary as platform for industry...
LCCI welcomes Leye Kupoluyi as 44th president amid...
Click, trade, transform: Africa’s e-Commerce is in revolution
Google Search trends show Nigerians shaping markets through...
Nigeria operates uneconomic, illiquid gas, power sectors
Farmcrowdy partners with Oyo state govt. to boost...
Friday, December 5, 2025
SUBSCRIBE
Top Posts
Sahara Group boosts environmental sustainability, economic empowerment with...
The burden of a virus
States generate N986.2 billion IGR in 9-month, rise...
Nigeria Daily Street Market Exchange Rate (December 20th...
Spotify usage soars to 1.3bn hours as streaming...
Global instability catapults gold to top-performing asset class...
How social apps are redefining Nigeria’s  retail sector
NGX expands market offerings with commercial paper listings
Transquest positions 20th anniversary as platform for industry...
LCCI welcomes Leye Kupoluyi as 44th president amid...
Click, trade, transform: Africa’s e-Commerce is in revolution
Google Search trends show Nigerians shaping markets through...
Nigeria operates uneconomic, illiquid gas, power sectors
Farmcrowdy partners with Oyo state govt. to boost...
Friday, December 5, 2025

Nigeria’s data protection dream in the cloud — Not our cloud!

MICHAEL IRENE

A few months ago, a friend of mine working in a top Nigerian fintech had a scare. Their customers’ personal data —including sensitive transaction histories — had been caught up in a global outage. But when the tech team scrambled to trace the issue, they discovered the servers weren’t in Lagos, Abuja, or anywhere in Africa. The data was sitting somewhere in Ireland, with a backup in California. No one on the ground in Nigeria had visibility. No regulator could touch it.

This isn’t an isolated incident. It’s the daily reality of Nigeria’s digital infrastructure.

Since the introduction of the Nigeria Data Protection Regulation (NDPR) in 2019, we’ve spoken confidently about protecting citizens’ privacy, strengthening compliance, and building a local data economy. But we’ve ignored the elephant in the room: most of our country’s data isn’t stored in Nigeria.

Despite lofty ambitions, Nigeria has a critical shortage of world-class, enterprise-grade data centres on home soil. As a result, banks, telcos, e-commerce firms, hospitals, and even government agencies often rely on foreign cloud providers— whose infrastructure sits thousands of miles away, governed by foreign laws, and monitored by regulators who have no obligation to respect our privacy or sovereignty.

This structural gap weakens the NDPR in three fundamental ways.

First, it compromises regulatory control.
If citizen data is stored in Frankfurt or Dublin, Nigerian regulators can’t easily audit who’s accessed it, how it’s been used, or whether it’s been deleted in line with local retention rules. In practice, enforcement becomes toothless. When breaches occur or rights are violated, we’re left negotiating with multinational providers who owe us no loyalty and often no transparency. Our regulators are spectators, not enforcers.

Second, it invites foreign interference.
Data stored abroad is subject to the laws of that territory. A foreign government can legally demand access to Nigerian citizens’ data under its national security or surveillance frameworks. The NDPR is powerless in such cases. Nigerian citizens may never even know their data was accessed or exported for analysis.

Third, we’re exporting value.
Data is now a top-tier economic asset. The more local data you control, the more insights you generate, and the more advanced digital services you can develop. But when our data is housed offshore, we’re handing over not just information, but investment, job creation, and innovation opportunities. The Nigerian cloud economy — cloud engineers, compliance professionals, cybersecurity vendors, AI developers —remains painfully underdeveloped because we’ve outsourced the very foundation it needs to thrive.

To put it plainly: we’re building castles on foreign sand.

It doesn’t have to be this way. Countries like India, Brazil, and South Africa have invested heavily in building local data infrastructure — encouraging domestic cloud innovation while still maintaining international partnerships. Nigeria, with its massive youth population and rapidly digitising economy, can do the same. But we must stop pretending that digital regulation alone is enough.

Data protection cannot be reduced to paperwork, policies, and tick-box audits. It must be rooted in physical control and local infrastructure. The NDPR, for all its good intentions, needs a second phase — one focused on data localisation incentives, public-private partnerships to fund data centres, and mandatory thresholds for critical sectors to store certain categories of data within Nigeria.

I’m not suggesting we build a digital wall or reject foreign partners. Global collaboration is essential. But so is sovereignty. Nigeria must have the ability to say, with confidence, “this data is ours, and it lives here.”

The friend I mentioned earlier? Their company is now migrating parts of its workload to a new data centre being built just outside Lagos. It’s a small move, but a significant one. Because for the NDPR to mean anything, we can’t just protect data — we must also own the ground it stands on.

Only then will Nigeria’s data protection vision stop floating in the cloud — and finally take root in our soil.
business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com

You Might Also Like
0 FacebookTwitterPinterestTumblrVKOdnoklassnikiRedditStumbleuponLINEPocketSkypeViberThreadsBlueskyEmail

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

Heading Title

CSOs seek ecological fund allocations disclosure by Cross River LGCs

Delta’s economic future set with The Alternative Bank’s Effurun flagship...

Nasarawa receives record $400m FDI in rare earth, critical minerals...

UAC, Morison, Ecobank drive NGX to N92.73trn amid cautious market

Global South seeks $348bn in revenue with Pay-Where-You-Play tax model

Google Search trends show Nigerians shaping markets through online engagement

Nigeria’s data protection dream in the cloud — Not our cloud!

MICHAEL IRENE

A few months ago, a friend of mine working in a top Nigerian fintech had a scare. Their customers’ personal data —including sensitive transaction histories — had been caught up in a global outage. But when the tech team scrambled to trace the issue, they discovered the servers weren’t in Lagos, Abuja, or anywhere in Africa. The data was sitting somewhere in Ireland, with a backup in California. No one on the ground in Nigeria had visibility. No regulator could touch it.

This isn’t an isolated incident. It’s the daily reality of Nigeria’s digital infrastructure.

Since the introduction of the Nigeria Data Protection Regulation (NDPR) in 2019, we’ve spoken confidently about protecting citizens’ privacy, strengthening compliance, and building a local data economy. But we’ve ignored the elephant in the room: most of our country’s data isn’t stored in Nigeria.

Despite lofty ambitions, Nigeria has a critical shortage of world-class, enterprise-grade data centres on home soil. As a result, banks, telcos, e-commerce firms, hospitals, and even government agencies often rely on foreign cloud providers— whose infrastructure sits thousands of miles away, governed by foreign laws, and monitored by regulators who have no obligation to respect our privacy or sovereignty.

This structural gap weakens the NDPR in three fundamental ways.

First, it compromises regulatory control.
If citizen data is stored in Frankfurt or Dublin, Nigerian regulators can’t easily audit who’s accessed it, how it’s been used, or whether it’s been deleted in line with local retention rules. In practice, enforcement becomes toothless. When breaches occur or rights are violated, we’re left negotiating with multinational providers who owe us no loyalty and often no transparency. Our regulators are spectators, not enforcers.

Second, it invites foreign interference.
Data stored abroad is subject to the laws of that territory. A foreign government can legally demand access to Nigerian citizens’ data under its national security or surveillance frameworks. The NDPR is powerless in such cases. Nigerian citizens may never even know their data was accessed or exported for analysis.

Third, we’re exporting value.
Data is now a top-tier economic asset. The more local data you control, the more insights you generate, and the more advanced digital services you can develop. But when our data is housed offshore, we’re handing over not just information, but investment, job creation, and innovation opportunities. The Nigerian cloud economy — cloud engineers, compliance professionals, cybersecurity vendors, AI developers —remains painfully underdeveloped because we’ve outsourced the very foundation it needs to thrive.

To put it plainly: we’re building castles on foreign sand.

It doesn’t have to be this way. Countries like India, Brazil, and South Africa have invested heavily in building local data infrastructure — encouraging domestic cloud innovation while still maintaining international partnerships. Nigeria, with its massive youth population and rapidly digitising economy, can do the same. But we must stop pretending that digital regulation alone is enough.

Data protection cannot be reduced to paperwork, policies, and tick-box audits. It must be rooted in physical control and local infrastructure. The NDPR, for all its good intentions, needs a second phase — one focused on data localisation incentives, public-private partnerships to fund data centres, and mandatory thresholds for critical sectors to store certain categories of data within Nigeria.

I’m not suggesting we build a digital wall or reject foreign partners. Global collaboration is essential. But so is sovereignty. Nigeria must have the ability to say, with confidence, “this data is ours, and it lives here.”

The friend I mentioned earlier? Their company is now migrating parts of its workload to a new data centre being built just outside Lagos. It’s a small move, but a significant one. Because for the NDPR to mean anything, we can’t just protect data — we must also own the ground it stands on.

Only then will Nigeria’s data protection vision stop floating in the cloud — and finally take root in our soil.
business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com

You Might Also Like
[quads id=1]

Get Copy

Leave a Comment

0 FacebookTwitterPinterestTumblrVKOdnoklassnikiRedditStumbleuponLINEPocketSkypeViberThreadsBlueskyEmail

Michael Irene, CIPM, CIPP(E) certification, is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke