THE Nigeria Data Protection Commission (NDPC) has begun steps to strengthen data protection rules for Nigeria’s hospitality and telecommunications sectors.

The move is part of broader efforts to develop sector-specific privacy frameworks tailored to industries handling large volumes of personal data.

The initiative was presented yesterday in Abuja at a stakeholder engagement on data protection and privacy frameworks covering the telecommunications, financial services and hospitality sectors.

The session brought together regulators, operators and industry experts to shape practical guidelines that translate Nigeria’s data protection law into sector-based compliance tools.

National Commissioner and Chief Executive Officer of the Nigeria Data Protection Commission, Dr Vincent Olatunji, said the Commission adopts a collaborative “co-creation” approach to rule-making rather than imposing regulations on operators.

He explained that stakeholders are involved from the drafting stage to ensure that regulations reflect the realities of each sector.

“In our law, we have the power to make regulations without necessarily going back to anybody, but we choose a co-creation approach where we engage stakeholders before finalising anything. Whatever we are creating is what we believe is good for Nigeria, and we present it for input,” Olatunji said.

He added that this approach was also used in drafting Nigeria’s data protection law, which he said contributed to its global recognition.

Olatunji noted that the Commission is now shifting from general guidelines to sector-specific frameworks because industries such as hospitality, telecoms and finance operate differently and require tailored safeguards.

He said the hospitality sector now processes large volumes of personal information through bookings, payments, security systems and third-party services, while telecoms remain central to almost all digital activities in the country.

“Almost everything today runs on the phone,” he said, noting that telecommunications services connect banking, transport, health and other daily transactions.

Olatunji added that the NDPC operates independently in enforcement and sanctions, describing it as one of the most respected data protection authorities globally.

Also speaking, one of the resource persons, Rex Abitogun of Management Edge said a uniform framework would not work because each sector collects and processes different types of personal data with different risks.

He explained that telecoms infrastructure supports services across banking, health and hospitality, making it central to data flows across industries.

Abitogun said early engagement with stakeholders helps prevent resistance and improves compliance.

“There will be no resistance if you are not dumping it on operators. When they are part of the process, they own it and are more likely to implement it,” he said.

He added that hospitality operators routinely handle sensitive data such as identity documents, payment records, CCTV footage and Wi-Fi logs.

Another resource person, Abdul-Hakeem Ajijola, warned about the risks of relying heavily on foreign digital platforms and cross-border data flows.

He said many digital services depend on external infrastructure, raising concerns about data control and value retention.

Ajijola also noted that everyday digital interactions often involve extensive data collection, especially on global platforms powered by artificial intelligence.

Speaking earlier, Head of Legal, Enforcement and Regulations at the Nigeria Data Protection Commission, Babatunde Bamigboye, said the engagement is part of efforts to strengthen privacy rights and improve compliance under Nigeria’s legal framework.

He said the Commission has conducted extensive reviews and engaged thousands of data controllers and processors through audits and assessments.

Bamigboye added that the NDPC is identifying sector-specific challenges to develop frameworks covering lawful processing, accountability, data minimisation and security safeguards.

“The goal is to move from paper-based compliance to a culture of compliance,” he said.

The Nigerian Communications Commission (NCC) and stakeholders from the telecom, financial and hospitality sectors also participated in the engagement, which will feed into the development of final sectoral guidelines aimed at improving accountability and strengthening data protection across the affected industries.