Good services are expensive. Getting the right data protection compliance organisation in Nigeria to assist with data privacy management might be hard. Banks, oil and gas and telecoms companies often opt for the KPMGs, Delliotes, and PWCs.
The charges by these so-called big threes are expensive. Most Nigerian companies complain about prices these organisations’ NDPR charges. But, there are DPCOs that charge less.
A particular Nigerian bank paid millions of naira for what one of the big three called “executive” training. Some executives in this bank lamented about the cost.
If your company is on a tight budget, if your company wants the best, and if your company wants to align appropriately with the Nigerian Data Protection Regulation and the European General Data Protection Regulation, it’s better to search for companies that give reasonable prices.
Lamenting about costs wouldn’t do the job. It is better to get the house clean than to allow guests tell you about how dirty your house looks. Data protection compliance frameworks doesn’t have to be expensive. Cutting costs means searching for a DPCO that understands the data protection regulation thoroughly and know how it applies to your company. Second, companies use softwares to ensure compliance. These tools can either be built in house or acquired from external companies. From my experience, however, it’s cost effective to outsorce the software service as this saves time and cost
One business executive claimed that these big three send representatives to lord over their procedures. To this, I’d argue that the terms of agreement must state obligations and work patterns. If your company doesn’t want consultants in your office, the terms of contract clarify this. But, then again, consultants, sometimes, must work in clients’ premises to carry out basic tasks like interviewing stakeholders, understanding the existing security protocols and accessing procedures in order to give critical feedbacks.
Companies can employ the services of a DPCO without breaking the bank. This doesn’t mean they should employ mediocrity, it means doing some research and finding the right company to work with. First, you want to seek proposals from existing DPCOs. From these proposals, you can separate the serious from the unserious by paying attention to their offerings and presentations. How much work or details have they poured into their proposal? What does it look like? Does the company understand what it’s saying? After this, call the representative of the company, ask probing questions and get to understand if they can help your company achieve your data protection goal.
Also, cost of DPCO services vary. It depends on the services required. Your negotiating skills must come to play here. Ask: is this worth the price? Ask around if you’re in doubt. Know your budget, carry out an in-house gap analysis to find out privacy gaps before employing the services of a DPCO.
Before you conclude that only the big threes understand data privacy, it’s wise to assess the small players in the field. The data protection service is new and no one DPCO, therefore, can claim to have the know-it-all solutions for every business needs.
Company executives are sad about tthe current price DPCOs charge for their services in Nigeria.These prices are not cast in stone; they can be negotiated. Companies should not allow the prices deter them from doing what’s right by their customers, employers and the business in general. Companies must ensure that they employ the right company to help them in their data protection journey and must be wise in their selection approach.
Dr. Irene is Data Protection Consultant and writes in from London.