Skip to content
Connect your repo and audit your source code for NDPA compliance — ADIL builds your ROPA and flags risks on every pull request. Connect your repo — audit your code Start your audit — free →

NDPA compliance,
ready when it matters.

  Choose how you'll use Adil to continue

Run your own NDPA baseline. Find out in 90 seconds whether you're a Data Controller of Major Importance, get a defensible picture of where you stand, and bridge to a DPO or DPCO the moment you actually need one.

New to NDPA? Start the free assessment Tour the org workspace

Every DPO duty in one workspace — ROPA, DPIAs, breach timers, the SADPR — plus a DSAR agent that drafts responses across departments. Manage a single in-house mandate, or a whole portfolio of clients.

See exactly what your clients do with personal data. A 10-module audit stack, a live evidence timeline, AI analysis, and a defensible CAR you file straight with the NDPC.

See the audit trail

From signup to audit-ready. Without hiring anyone yet.

Adil runs the GAID 2025 triage, tracks the baseline the NDPA actually requires, and tells you plainly what you must do — and what you don't.

One mandate. One workspace. Every register.

Every NDPA register, a DSAR agent, and an AI collection agent that drafts the busywork for your review — for one organisation, or a whole book of clients.

From engagement letter to signed report. In one workspace.

Wire each client in once. Every answer, every uploaded artefact, every rules-engine decision is captured, scored, and ready to defend in front of the NDPC.

TriageSet upConnect
Answer a short questionnaire. Adil applies the GAID 2025 Schedule 7 test and tells you whether you're a DCMI, what you must do — and what you're free to skip.Self-register as an in-house or contract DPO, run the getting-started checklist, and pull in the organisation's existing records.One paste in your terminal. Adil scaffolds the engagement and emails the client's data owner an evidence-collection portal.
$adil triage › DCMI: EHL$adil dpo init$npx adil init xyz-bank
BuildOperateCapture
ROPA, privacy notice, gap self-check, breach log and training — the NDPA baseline, tracked in one place with every obligation mapped to its section.ROPA, SADPR, DPIAs, vendor & notices registers, breach timers — plus a DSAR agent and an AI collection agent that draft the busywork for your review.127 questions across 10 modules. Every answer mapped to an NDPA clause; every uploaded artefact extracted, indexed, and version-controlled.
› ROPA · gap-check · breach log · DPIA› DSAR SLA · review inbox · CPD log› 127 questions · 184 evidence files · live
BridgeHand offReport
Outgrown self-serve? Appoint an in-house DPO in place, outsource to a consultant, or generate a registration & CAR-prep pack for a licensed DPCO.Connect to a licensed DPCO for the formal audit and CAR — or, if you run a practice, manage every client from one portfolio.Rules engine scores. Model drafts. You review, sign, deliver. A 30/60/90-day remediation plan and a tamper-evident audit trail, included.
appoint · outsource · prep CARconnect DPCO · portfolioadil.ng/report/ADL-001

Your workspace. Honest about where you stand.

adil.ng/org/dashboard

Your workspace. The whole mandate, running.

adil.ng/dpo/workspace

The workspace. Watching it all.

adil.ng/workspace/xyz-bank
adil.ng/org/dashboardadil.ng/dpo/workspaceadil.ng/workspace/xyz-bank
Audit Modules
7 / 10 complete
NDPA 2023
01Website 8%58
02Governance 10%74
03Access Control 16%71
04Data Security 16%
05Infrastructure 12%···
06App Security 12%80
07Incident 10%42
08Third Party 10%66
09ROPA 9%88
10Subject Rights 8%
63
/ 100
XYZ Microfinance Bank
RC 1482031 · Financial Services · ADL-001
Findings
14
Critical
2
Pending
3 ⚑
Passed
28
Engagement progress
last 7 days
MonTueWedThuFriSatSun
Live event stream
streaming
CRITdb.xyz.ng · SSL disabled§39
HIGHBVN in public.users§25
HIGHNo DSAR contact§38
MEDCookie banner: no reject-all§26
HIGH12 vendors without DPAs§29
MEDNo 72-hr breach runbook§40
PASSMFA enforced (Okta)§39
LOWMissing CSP header§39
PASSROPA up to date§28
› 4,810 events view all →
Data Controller of Major Importance · EHL. You must register with the NDPC and appoint a DPO. Your CAR must be filed by a licensed DPCO (GAID Art.10(14)) — Adil prepares the pack. GAID 2025 · Schedule 7 §3 · ~3,400 data subjects / 6mo · financial sector
NDPA baseline
4 / 6 in progress
self-serve
ROPA 3 / 3
NDPA §28
Privacy notice live
GAID Art.6(j)
Gap self-check 62%
diagnostic
Breach log 72h timer
NDPA §40
Staff training 8 / 14
GAID Art.6(g)
DPIA to do
NDPA Sch.4
Readiness
indicative
48
/ 100
When you outgrow self-serve
Appoint an in-house DPOflip your account, keep every record
Outsource to a Consultant DPOre-keyed across, nothing lost
Registration & CAR-prep packhand off to a licensed DPCO
Registers
XYZ Bank · in-house DPO
1 client · portfolio
·ROPA142
·SADPRok
·DPIA2 open
·Vendors / processors37
·NDPC notices0
·Breach logclear
·Training log86%
·CPD log18h
DSAR Fulfilment Agent
30-day SLA
DSAR-2041 · Access requestRetail banking · fan-out to 3 depts6 days
DSAR-2038 · ErasureAI draft ready · awaiting your approval2 days
DSAR-2035 · PortabilityEvidence collected · drafting11 days
DSAR-2031 · ObjectionOverdue — escalated to you−1 day
› 4 active · 30-day clock open queue →
Review Inbox
agent
DRAFTMarketing · ROPA entry§28
DRAFTEngineering · retention§24
REVIEWVendor DPA · Paystack§29
DRAFTHR · staff data map§28
FLAGNo lawful basis · CCTV§25
REVIEWDPIA · new lending modelSch.4
› 6 awaiting approval approve all →
02 · What you get

Everything the NDPA asks. Nothing it doesn't.

/ 01
Know if you even
need a DPO.
The GAID 2025 Schedule 7 test runs on signup. Below threshold? You owe no DPO and no registration — and we say so plainly. A DCMI? You see your level and your exact obligations.
/ 02
The baseline,
tracked & free.
ROPA and gap self-check at ₦0 — find out where you stand and track your baseline, never paywalled. Pay only for the registers and tools you grow into.
/ 03
A clean bridge
when you scale.
Appoint a DPO in place, outsource to a consultant, or generate a registration & CAR-prep pack for a licensed DPCO — nothing re-keyed by hand, nothing lost in the handoff.

The whole mandate. One workspace.

/ 01
Every register
in one place.
ROPA, SADPR, DPIAs, vendor and notices registers, a breach log with a 72-hour NDPC timer, and your CPD log — each mapped to the section it satisfies.
/ 02
Agents do
the busywork.
A DSAR agent fans requests out to departments and tracks the 30-day SLA; an AI collection agent turns questionnaires into draft records. You stay the approver, not the typist.
/ 03
One client,
or a hundred.
Run a single in-house mandate, or manage a whole portfolio — per-client toolboxes, a compliance rollup with risk bands, and a marketplace profile that brings work in.

Three things, done well. Nothing else.

/ 01
Real evidence,
not assertions.
Every "yes" requires an artefact — a policy PDF, an IAM screenshot, a backup test record. The rules engine reads the file, not just the checkbox. If the policy is from 2022 you'll know before the client does.
/ 02
A score that
survives scrutiny.
Weighted composite across 10 modules, mapped to NDPA §25, §26, §29, §34, §38, §39, §40. You can show the regulator exactly how the score was computed and which evidence moved each control.
/ 03
A report your
client signs.
Executive summary, module scorecard, ranked findings, NDPA mapping, 30/60/90 day plan. Drafted by the model, reviewed by you, ready to email — or download as a PDF — in the same session.
03 · Defensibility

Auditor-grade from day one.

Whoever signs the report, Adil maintains the audit trail, versions every finding, and exports a complete, defensible package — ready for the NDPC.

NDPA · §40(3)

72-hour breach workflow

Pre-built breach-notification runbook. Trigger a notification draft, assign owners, timestamp the chain — the regulator sees a defensible timeline, not a frantic email.

NDPA · §39

Versioned evidence chain

Every uploaded artefact is hashed, versioned, and bound to the answer it supports. Re-runs preserve history. If the client claims they updated the DPA last month, you can prove they didn't.

NDPC · DPCO Audit

Exportable audit package

Generate signed PDF + JSON + evidence ZIP for any engagement, date range, or finding. NDPC-ready format, one click. Hand it to the regulator, hand it to the next DPCO.

Built to the NDPA 2023 standard · Aligned with ISO/IEC 27001 Annex A · NDEEG Act 2026 ready.
04 · Pricing

Pricing for where you sit. Free to start, every role.

No per-audit fees, no per-evidence surprises. The baseline duties the NDPA requires are never paywalled — you only pay to scale.

Org Free
₦0/ year
Run your NDPA baseline on your own.
  • Plain-English DCMI verdict
  • ROPA — up to 3 entries
  • Gap self-check
Org Pro
₦60k/ year
Unlimited records and the full register set.
  • Everything in Free, plus:
  • Unlimited ROPA + notices register
  • Staff training log & on-site inspections
  • Breach log — 72-hour NDPC timer
  • Vendor / processor register
  • DPIA builder
Org Connect
₦180k/ year
Compliance derived from your codebase.
  • Everything in Pro, plus:
  • Connect your repo — auto-ROPA from code
  • CI compliance feedback on every pull request
  • Continuous data-map & cross-border flags
  • Signed CAR technology evidence
  • Your source never leaves your CI
A Data Controller of Major Importance? Registration and CAR filing happen through a licensed DPCO (GAID Art.10(14)) — Adil assembles the prep pack and bridges you. The baseline duties stay free.
DPO Free
₦0/ year
For a designated DPO getting started.
  • ROPA — up to 3 entries
  • Core registers
  • Gap self-check
  • Internal inspections
  • No DSAR agent
DPO Professional
₦144k/ year
The full mandate, automated.
  • Unlimited entries
  • DSAR Fulfilment Agent
  • AI collection agent + review inbox
  • SADPR · DPIA · breach · vendors
  • PDF export · full DPCO connection
Consultant · early access
Portfolio
One workspace, many client orgs.
Starter ₦120k · 5 clients
Practice ₦300k · 15 clients
Firm ₦640k · 40 clients
Enterprise ₦1.2m · unlimited
  • Per-client toolboxes
  • Compliance rollup & risk bands
  • Marketplace profile
  • Per-client DPCO handoff
DPCO Professional
₦350k/ year
For a licensed DPCO running an audit book.
  • 15 client engagements
  • The full 10-module audit
  • AI analysis
  • CAR generation & filing
  • Multi-assignee collaboration
  • Audit-trail export (PDF + JSON + ZIP)
DPCO Firm
₦800k/ year
For multi-seat compliance firms.
  • Everything in Professional, plus:
  • 50 client engagements
  • 5 seats
  • Priority support
  • White-labelled client portal
05 · FAQ

Straight answers on NDPA compliance.

Do I need a DPCO if I'm a small startup?+

Not always — but if you process personal data at any meaningful scale, you'll need NDPA-compliant documentation, and a licensed DPCO is what files your Compliance Audit Return (CAR). Adil matches you with the right one and runs the audit on one platform.

How is NDPA different from GDPR?+

The NDPA 2023 mirrors many GDPR principles (lawful basis, data-subject rights, breach notification) but has Nigeria-specific obligations — DPCO licensing, the CAR filing, DCPMI registration, and the GAID 2025 guidelines. If you're GDPR-aware, the concepts will be familiar; the filings and authorities differ.

What is a Data Controller / Processor of Major Importance (DCPMI)?+

A DCPMI is an organisation that processes personal data above thresholds set by the NDPC (by volume or sensitivity). DCPMIs carry extra duties — including registration and the annual CAR. The readiness assessment helps you figure out whether you qualify.

How long does NDPA compliance take?+

For a startup with a forcing function, a focused engagement is typically 4–6 weeks to due-diligence-ready, faster if you already have a DPO and core documentation. Your readiness report gives you an estimate based on your actual gaps.

What happens if I miss the CAR filing deadline?+

There is a grace period after the headline deadline, after which late filing attracts a surcharge and enforcement risk. The point isn't a single date — it's not letting the grace period lapse. Adil helps you file before it does.

Can my external counsel or DPCO use Adil?+

Yes. Adil is built for licensed DPCOs and Consultant DPOs to run their engagements — your counsel can work alongside you on the same platform, and your compliance data transfers when you connect.

How does Adil compare to hiring a law firm or consultant?+

Adil isn't a replacement for expertise — it's the infrastructure that expertise runs on. You still work with a licensed DPCO/DPO, but the audit, evidence, ROPA, SADPRs, and CAR are produced on one platform instead of across spreadsheets and email.

How does Adil handle data-subject requests (DSARs)?+

Every data-subject request — access, erasure, correction, objection — runs as a tracked case against the NDPA's 30-day clock. Your staff log requests through a simple intake link, the agent benchmarks each milestone and flags the DPO the moment one slips, fans retrieval tasks out to the right departments, and keeps an immutable evidence trail for your CAR. It's included in DPO Professional.

Compliance infrastructure for Nigeria

The operating system for
Nigerian data compliance.

For organisations getting compliant, in-house and Consultant Data Protection Officers, and licensed DPCOs — every NDPA 2023 and GAID 2025 obligation, one platform.

$ adil --version 3.0.0 · NDPA 2023 · GAID 2025 · Nigerian Data Protection Act