Data Protection Self-Assessment for Nonprofits

Step 1 / 3

Accountability and Governance

Data Protection Self-Assessment for Nonprofits


This self-assessment toolkit has been created with nonprofit organisations in mind. It will be most helpful to small to medium sized organisations from the private, public and third sectors.

This assessment would enhance your organisation’s operational data protection efficiency by making sure personal information is accurate, relevant and safe while ensuring the data collected are used to inspire more target audience to take action.

Use our checklist to assess your organisation’s compliance with the Nigeria Data Protection Regulation (NDPR) and find out what you need to do to make sure you are keeping your beneficiaries personal data secure. Once you have completed each self-assessment checklist a short report will be created suggesting practical actions you can take to improve your data protection compliance.

Data protection checklists
This checklist is designed to help you assess your organisation’s compliance with data protection legislation. Includes the rights of individuals, how nonprofits collects personal information, use of personal data, access to and correction of personal data, data quality, data protection, storage/ data security and data breaches under the Nigeria Data Protection Regulation.

Step 2 / 3

Accountability & Governance.

1.1 Data Protection Officer (DPO)
Your organisation has appointed a data protection officer for your organisation *






1.2 Accountability
Your organisation has drafted and published a data protection policy in conformity with the Nigeria Data Protection Officer (NDPR) *





1.3 Duties of Data Controller Your organisation provides data protection awareness training for all staff and data protection officer *




Step 3 / 3

Lawfulness, Fairness and Tran.

2.1 Information you collect
Your organisation has filed an annual data protection audit with the NITDA *






2.2 Information you hold
Your organisation has systems to keep proper documentation of all personal information collected from beneficiaries *