NDPR Compliance | SocialLens Analytics

SocialLens Analytics Limited is committed to the highest standards of data protection and privacy. This document outlines our compliance with the Nigeria Data Protection Regulation (NDPR), 2019 issued by the National Information Technology Development Agency (NITDA).

      📜 Regulatory Reference

      Nigeria Data Protection Regulation (NDPR), 2019 — Issued pursuant to Section 6(c) of the NITDA Act 2007 and Section 37 of the Constitution of the Federal Republic of Nigeria (Right to Privacy).

Our Compliance Framework

SocialLens has implemented a comprehensive data protection framework aligned with NDPR requirements, including:

Appointment of a qualified Data Protection Officer (DPO)
Registration with NITDA as a Data Processor
Implementation of privacy-by-design principles
Regular data protection audits and impact assessments
Staff training on data protection obligations
Data breach response procedures

NDPR Data Protection Principles

We adhere to the eight core principles of the NDPR:

1. Lawfulness, Fairness, and Transparency

We process personal data only on lawful bases, fairly, and transparently. Our Privacy Policy clearly explains how we collect and use data.

2. Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes only — primarily to provide our social intelligence services and respond to inquiries.

3. Data Minimization

We collect only data that is adequate, relevant, and limited to what is necessary for the intended purposes.

4. Accuracy

We maintain reasonable measures to ensure personal data is accurate, complete, and kept up to date. You may request corrections at any time.

5. Storage Limitation

Data is retained only as long as necessary for the purposes for which it was collected, after which it is securely deleted or anonymized.

6. Integrity and Confidentiality (Security)

We implement appropriate technical and organizational measures to protect data against unauthorized or unlawful processing, loss, or damage.

7. Accountability

We maintain documentation of our processing activities and can demonstrate compliance with NDPR requirements.

8. Data Subject Rights

We respect and facilitate the exercise of data subject rights as outlined below.

Your Rights Under NDPR

As a data subject in Nigeria, you have the following enforceable rights:

🔍

Right to Access

Request confirmation of whether we process your data and obtain a copy.

✏️

Right to Rectification

Correct inaccurate or incomplete personal data.

🗑️

Right to Erasure

Request deletion of your data (the "right to be forgotten").

⏸️

Right to Restrict Processing

Limit how we use your data in certain circumstances.

📦

Right to Data Portability

Receive your data in a structured, machine-readable format.

❌

Right to Object

Object to processing based on legitimate interests.

📋

Right to Withdraw Consent

Withdraw previously given consent at any time.

⚖️

Right to Lodge a Complaint

File a complaint with NITDA.

To exercise any of these rights, contact our DPO at dpo@sociallens.ng. We will respond within 30 days as required by NDPR.

Data Protection Officer (DPO)

Dr. Adeola Ogunleye
Certified Data Protection Officer (CDPO)
Email: dpo@sociallens.ng
Phone: +234 (1) 888 1234 ext. 405
Address: SocialLens Analytics Ltd, 5th Floor, The Penthouse, Victoria Island, Lagos

Data Processing Register

As required by Article 4.1(3) of the NDPR, we maintain a Data Processing Register documenting:

Categories of processing activities
Data subjects and data categories
Recipients and transfers (including international)
Retention schedules
Security measures implemented

This register is available for inspection by NITDA upon request.

Security Measures

We implement industry-standard security measures including:

Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
Access Control: Role-based access, least privilege principle, MFA required
Monitoring: 24/7 intrusion detection and log monitoring
Backup: Regular encrypted backups with geographic redundancy
Incident Response: Documented breach response procedure with NITDA notification within 72 hours
Staff Training: Mandatory annual data protection training for all employees

Data Breach Notification

In the event of a personal data breach, we will:

Contain and assess the breach immediately
Notify NITDA within 72 hours of discovery
Notify affected data subjects where there is a risk to their rights
Document the breach and remediation actions

Third-Party Data Processors

We engage only processors who provide sufficient guarantees to implement appropriate technical and organizational measures. All processors sign Data Processing Agreements (DPAs) with standard contractual clauses. Current processors include:

Google LLC — Analytics (Data Processing Addendum in place)
Amazon Web Services (AWS) — Infrastructure (Africa region where available)
Formspree — Form processing (DPA executed)

International Data Transfers

When personal data is transferred outside Nigeria, we ensure appropriate safeguards under Article 2.11 of NDPR:

Standard Contractual Clauses (SCCs) as approved by NITDA
Adequacy decisions where applicable
Binding Corporate Rules (BCRs) for intra-group transfers

Data Protection Impact Assessments (DPIA)

We conduct DPIAs for high-risk processing activities, including our social media monitoring algorithms and sentiment analysis. DPIAs assess:

Necessity and proportionality of processing
Risks to data subjects
Mitigation measures

Training and Awareness

All SocialLens employees receive:

NDPR training upon hire
Annual refresher training
Role-specific privacy training for data handlers
Breach response procedure training

Compliance Audits

We conduct internal data protection audits annually, covering:

Processing register accuracy
Security measure effectiveness
Third-party processor compliance
Data subject request fulfillment

External audits may be conducted by NITDA or qualified third parties as required.

Complaints Process

If you believe your data protection rights have been violated, please:

Contact our DPO directly at dpo@sociallens.ng
We will acknowledge within 5 business days and investigate
A resolution will be provided within 30 days
If unsatisfied, you may escalate to NITDA

📋 NITDA Contact Information
National Information Technology Development Agency (NITDA)
Plot 730, Independence Avenue, Central Business District, Abuja
Phone: +234 (0) 9 291 3111
Email: regulatory@nitda.gov.ng
Website: nitda.gov.ng

Data Protection Fees

SocialLens has registered with NITDA and pays the applicable data protection fees as required under the NDPR Implementation Framework. Our NITDA registration number can be verified upon request.

Review and Updates

This NDPR Compliance Statement is reviewed annually and updated as necessary. The current version was approved by our Board of Directors on May 29, 2026.

📞 Get in Touch
For data protection inquiries, please contact our Data Protection Officer at dpo@sociallens.ng or call +234 (1) 888 1234.
We are committed to protecting your privacy and ensuring full compliance with the Nigeria Data Protection Regulation.