DATA PROTECTION ADVISORY

The Data Protection Advisory Practice Group at Pelican Crest plays a critical role in helping organisations comply with global and local data privacy standards, including the Nigerian Data Protection Act, 2023 and the General Application and Implementation Directive (GAID), 2025. As part of the Pelican Crest Legal Practitioners umbrella, our team provides strategic guidance to ensure responsible data handling, privacy risk mitigation, and legal compliance.

We support businesses that collect, process, or store personal and sensitive data—developing and implementing robust data protection policies, responding to regulatory requirements, and managing data subject rights such as access, correction, and deletion. From breach response planning to staff training and DPO duties, we provide end-to-end support for operationalising privacy obligations.

Our mission is to foster a secure and compliant digital ecosystem. By integrating legal expertise with practical safeguards, we empower our clients to uphold data privacy, build trust, and operate with confidence in a rapidly evolving regulatory environment.

0% Data Protection

The Data Protection Advisory Expertise Across Nigeria

The Data Protection Advisory Practice at Pelican Crest plays a critical role in helping organisations comply with global and local data privacy standards, including the Nigerian Data Protection Act, 2023 and the General Application and Implementation Directive (GAID), 2025. As part of the Pelican Crest Legal Practitioners umbrella, our team provides strategic guidance to ensure responsible data handling, privacy risk mitigation, and legal compliance.

Registration of organizations as Data Controllers and/or Data Processors with the Nigerian Data Protection Commission (NDPC)
Compliance Audits to evaluate data handling practices against global and Nigerian privacy regulations
Data Protection Officer (DPO) as a Service to help you meet your obligations under the NDPA, 2023
Privacy Policy Development tailored to your operations and evolving regulatory requirements
Customised Data Protection Training & Awareness Programs for staff and management
Privacy Impact Assessments (PIAs) to identify and mitigate privacy risks early in projects
Legal & Regulatory Advisory to interpret and implement privacy laws in business operations

Data Protection & Privacy Advisory

Our work spans across
Strategic data protection advisory for startups, SMEs, multinational companies, and regulated entities
Registration of Data Controllers and Data Processors with the Nigerian Data Protection Commission (NDPC)
Development and implementation of privacy policies and compliance programs aligned with NDPA 2023 and global standards (e.g., GDPR)
Acting as outsourced Data Protection Officers (DPO-as-a-Service) to manage regulatory obligations and privacy frameworks

Beyond legal documentation, our Data Protection team drives awareness through training, risk assessments, and advisory sessions. Our team has facilitated executive workshops and compliance programs designed to elevate internal understanding of data rights, lawful processing, and governance obligations.

Whether supporting a tech startup in structuring its data processing activities or guiding a corporate client through a privacy impact assessment, Pelican Crest’s Data Protection Group delivers trusted, legally sound, and practical solutions for today’s digital environment.

Recent engagements include:

NDPC Registration & Advisory: Successfully registered a portfolio of local and international clients as Data Controllers and Processors with the NDPC, including documentation review, filing, and regulatory liaison.

Privacy Policy Suite Development: Led the drafting and rollout of a comprehensive data privacy policy suite—including internal guidelines, website notices, and consent protocols—for a health-tech provider expanding into multiple jurisdictions.

Privacy Risk & PIA Advisory: Conducted a Privacy Impact Assessment for a logistics platform integrating third-party analytics, identifying risks, and recommending technical and organizational safeguards to ensure NDPA compliance.

Data Protection Advisory

1. Data Protection Compliance & Registration

We help businesses register with the Nigerian Data Protection Commission (NDPC) as Data Controllers and Processors. Our service includes end-to-end guidance on meeting the requirements of the Nigerian Data Protection Act, 2023 and the General Application and Implementation Directive (GAID), 2025.

2. DPO-as-a-Service (Data Protection Officer)

Our dedicated DPO service allows organisations to outsource their data protection officer responsibilities to us, ensuring expert oversight of data processing activities, regulatory reporting, and legal compliance.

3. Privacy Policy & Framework Development

We draft and review data protection policies, consent protocols, privacy notices, and retention guidelines tailored to your industry, ensuring they align with global standards and Nigerian legal obligations.

4. Data Protection Audits & Risk Assessments

Our audit services evaluate your current data practices, identify privacy risks, and provide actionable recommendations. We also conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

5. Training, Awareness & Capacity Building

We deliver customised training programs that empower employees to understand their data protection responsibilities. These workshops improve compliance culture and reduce human-related breaches.

6. Legal Advisory on Data Rights & Enforcement

Our team offers expert legal support on interpreting and applying data protection laws. We also support individuals and organisations in asserting or defending data rights through formal legal channels.

7. Sector-Specific Solutions

We serve diverse sectors including health care, fintech, education, and real estate. Our bespoke solutions help clients adopt a data-centric culture while reducing regulatory and reputational risks.

Tech & SaaS

Financial Services

Healthcare & Healthtech

Telecommunications

Public Sector & Education

E-commerce & Digital Platforms

Team Profile

OMOTADE AFONJA

PRACTICE HEAD, PCLP DATA PROTECTION ADVISORY

Omotade Afonja is the Practice Head of PCLP Data Protection Advisory at Pelican Crest Legal Practitioners. A dedicated legal practitioner with nearly a decade of experience, Omotade began his career advising on legal compliance, contract negotiation, and risk management before specializing in data protection and privacy. He aligns business objectives with global and local regulations including the NDPA, GDPR, HIPAA, and CCPA. He leads teams in conducting Data Protection Impact Assessments (DPIAs), developing privacy-by-design frameworks, and implementing incident response plans.

Passionate about fostering a data-centric culture, Omotade delivers training workshops, advises executive leadership on risk mitigation, and helps organizations ensure both compliance and public trust. Outside of work, he is an animal enthusiast and offers pro bono legal advice to the ordinary citizen.

Qualifications: LL.B, B.L
Position: Practice Head, PCLP Data Protection Advisory
Expertise: DPO Services, Contract Advisory, Dispute Resolution (Data-related), Data Protection Training
Memberships: Nigerian Bar Association (NBA)
Contact: Send Email
Phone: 07086164363
LinkedIn: Omotade Afonja

FUNMILAYO ADEGBOLA ISAAC

ADMIN

With a strong background in legal administration and office management, Funmilayo Adegbola Isaac plays a vital role in ensuring the smooth and efficient operation of our firm. With a keen eye for detail and a commitment to excellence, they oversee daily administrative functions, coordinate schedules, maintain client records, and support the legal team with seamless workflow solutions.