This project reflects the type of work I lead and execute in real-world engagements. The documentation consolidates insights from that experience alongside my ongoing self-directed study. All materials use synthetic data—no client information is reproduced—and the templates are either self-developed or properly licensed and are not proprietary to any organisation.
GETCO Solutions Limited operates a digital lending and Buy-Now-Pay-Later platform (GETMONI) in Nigeria, processing highly sensitive personal data for credit assessment. Led and executed an NDP Act-compliant Data Privacy Impact Assessment (DPIA) to identify and mitigate privacy risks, protecting both users and the business from regulatory harm.
Applied a structured, collaborative methodology throughout.
- Applied the official NDP Act GAID Schedule 4 DPIA Checklist, adapted to GETMONI's workflow, which the client populated.
- Verified lawful bases and mapped data flows, then focused on high-risk areas like cross-border transfers and third-party vendors.
- Synthesised all findings, evidence, and recommendations into a final report for leadership, complete with risk ratings and a remediation plan.
- Undocumented Cross-Border Transfers: Data flows to the US, EU, and South Africa were high risk. Recommendation: Conduct an immediate cross-border-focused DPIA and document lawful bases.
- No Record of Processing Activities (ROPA): Lack of a central ROPA created an accountability gap. Recommendation: Prioritise creating a simple, living ROPA as the foundational governance document.
- Weak Consent Management: Consent lacked audit trails, undermining lawful basis claims. Recommendation: Implement system-logged consent records.

This project confirmed that strong technical controls are not enough without solid governance. The highest risks came from procedural gaps, not system failures.