NDPA 2023 · GAID 2025 · NDPC Major Importance

NDPA compliance, done properly.

Klari is the system of record for in-house DPOs at Nigerian banks, fintechs, insurers, and gaming firms classified by the NDPC as Data Controllers and Processors of Major Importance. Records of Processing, DPIAs, and an audit trail your regulator will accept — in one place, in Frankfurt, signed and exportable.

Request access Sign in

Annual contracts · Naira billing · Late CAR filings carry a 50% surcharge

Firms under formal NDPC investigation

1,368

Aug 2025 enforcement sweep · banks, fintechs, insurers, gaming, pensions

Collected by the NDPC

₦7.2bn

Registration fees and penalties since enforcement intensified

Maximum fine, Major Importance

₦10m or 2%

Whichever is higher — of annual gross revenue, per NDPA

NDPC Major Importance · 13 sectors named

The August 2025 sweep covered financial services, insurance, gaming and pensions. Enforcement is broadening. If you’re here, you already know.

  • Aviation
  • Communication
  • Education
  • Electric power
  • Financial services
  • Health
  • Hospitality
  • Insurance
  • Oil and gas
  • Tourism
  • E-commerce
  • Export and import
  • Public service
  • Gaming
  • Pension

V1

Three features. Each one a thing the NDPC asks for.

We won’t bolt on policy generators or breach-notification bots until the core is right. Records, assessments, evidence — built to the standard a DPO would accept.

Records of Processing

RoPA Builder

A guided wizard for NDPA s.28 records, aligned to the GAID 2025 schema. Multi-step, save-and-resume, signed PDF export.

  • NDPA s.28 + GAID 2025 fields out of the box
  • Per-purpose lawful-basis tracking with audit trail
  • Signed PDF and machine-readable JSON export

Impact assessments

DPIA Workflow

Structured Data Protection Impact Assessments with risk scoring and reviewer sign-off. The sectors the NDPC has named DPIA-required, prefilled.

  • Risk scoring with controller / processor mapping
  • Reviewer sign-off and version history
  • Templates for finance, health, education, e-commerce, hospitality

Append-only

Audit Log + Evidence Locker

Every state change is a semantic, append-only event. Evidence uploads via signed URLs, short download TTLs, daily hash export.

  • Append-only at the database layer — not just policy
  • Signed-URL uploads, 15-minute download TTLs
  • Daily SHA-256 hash export for tamper-evidence
Why Klari

Built the way an auditor would build it.

Data resident in Frankfurt

Supabase Postgres + Storage in eu-central-1 only. Audit-defensible cross-border transfer posture out of the box — no US CDN holding your tenant data.

Append-only by construction

INSERT-only audit events at the database layer; the service-role key can’t mutate them. Daily SHA-256 hash export gives tamper-evidence without compromise.

Documents you can hand to the NDPC

Every PDF carries the organisation name, ISO timestamp, document hash, and version. Cover pages on DPIAs. No screenshots-as-evidence.

Limited design partners

Request access.

We onboard a small cohort of design partners ahead of general availability. Tell us who you are and what you’re preparing for — we read every submission.

Submissions go to a single inbox, not a tenant database. We reply from a klari.ng address within one business day.

We reply within one business day. Submissions are stored in our inbox only — not in any tenant database.