SAC Training Academy
Building Data Protection and Digital Trust Capability That Works in Practice.
Certification is important. Operational capability is critical. SAC Training Academy delivers practical, regulator-aware, scenario-based programmes for professionals, executives, DPOs, compliance teams, auditors, and boards.
Different from compliance training. Built for compliance deployment.
Most compliance training produces professionals who understand the law. SAC produces professionals who can apply it — on Monday morning, in the organisation they return to.
The gap between compliance certification and compliance capability is where most training programmes lose their value. A DPO who has passed an examination but cannot construct a Records of Processing Activities, conduct a defensible DPIA, or manage a 72-hour breach notification has received a credential, not a capability.
SAC's training programmes are built by the practitioners who conduct NDPA compliance audits, design privacy governance frameworks, and engage with the NDPC in live regulatory environments. Every case study, scenario, and exercise is drawn from Nigerian regulatory proceedings — not GDPR case law adapted for Nigerian conditions.
Every instructor holds active practitioner credentials — FCA, CISA, CDPSE, CDPO, CRISC — and is currently delivering the compliance programmes and engaging the regulators they teach. Practice precedes instruction at SAC, because the NDPC's standard demands it.
SAC is accredited by IIM Africa and recognised by the NDPC. CDPO graduates receive an institutionally recognised qualification verifiable with IIM Africa — not a SAC-issued certificate.
Every scenario, case study, and exercise is drawn from Nigerian NDPA enforcement proceedings and real compliance programme implementation — not adapted from European GDPR decisions.
Participants execute a live breach simulation — detection, assessment, notification drafting, 72-hour NDPC notification, and post-breach remediation — in a controlled environment before facing a real incident.
Participants walk through the evidence review process that NDPC inspectors apply — learning to build, structure, and present compliance evidence to the standard regulators require, not the standard internal review accepts.
Board-level and executive programmes are structured to produce board members and senior executives who can discharge governance accountability — not just acknowledge it.
Seven programmes. Select one to explore.
Each programme is available as open enrolment, private corporate delivery, or on-demand — calibrated to the participant's role, sector, and regulatory context.
CDPO Certification Training
The NDPA 2023 and GAID in operational detail — not as a reading exercise but as a compliance architecture they will implement in their organisations. Participants learn to construct Records of Processing Activities, conduct DPIAs for high-risk processing, manage Data Subject Access Requests, execute the 72-hour breach notification procedure, and structure the DPO's board-reporting function. Every learning unit is followed by a Nigerian-context practical exercise.
RoPA construction workshop using SAC's NDPC-format template · DPIA execution for a high-risk processing scenario · DSAR response simulation (timelines, exemptions, disclosure decisions) · 72-hour breach notification exercise · Board DPO quarterly report drafting · Evidence pack review against NDPC inspection criteria.
- IIM CDPO qualification — verifiable with IIM Africa
- NDPC-recognised DPO designation capability
- Operational RoPA, DPIA, and DSAR skills
- 72-hour breach notification readiness
- Board data protection reporting capability
- NDPC annual compliance audit preparation skills
- IIM examination and certification
- NDPC-format RoPA template
- DPIA framework and template
- DSAR procedure SOP
- Breach notification register
- Board reporting template
A CDPO graduate who can return to their organisation on Monday and begin implementing the compliance programme — not begin planning to plan one. IIM-certified, NDPC-recognised, deployment-ready.
Executive Privacy Briefings
The NDPA's implications at the strategic and governance level — not the technical detail but the accountability, decision-making, and oversight requirements that apply to senior leadership. What the NDPC's enforcement posture means for their organisation. What "board accountability" means in practice under the NDPA. How to ask the right questions of their compliance and legal teams.
NDPA accountability scenario — "the NDPC has written to your organisation" — working through the governance response decisions. Privacy posture gap identification exercise — executives assess their own organisation's readiness against a structured diagnostic. Board question framework — a structured set of questions executives can use to assess compliance capability in their own organisations.
- NDPA board-level accountability understanding
- Digital trust governance obligations clarity
- Capacity to challenge compliance team effectively
- Regulatory posture and enforcement risk awareness
- Board agenda and reporting structure for privacy
- Executive NDPA summary briefing pack
- Board question framework
- Privacy governance checklist for executives
- SAC Certificate of Completion
Executives who can discharge their NDPA governance accountability with clarity — asking the right questions, recognising the right risk signals, and ensuring the right board oversight is in place.
DPO Masterclasses
Advanced operational capability for practicing DPOs — going beyond certification to the practical challenges of operating a DPO function in a Nigerian regulatory environment. How to maintain a live, auditable RoPA. How to build a DPIA programme that runs as part of the project lifecycle. How to structure the DPO's relationship with the board. How to manage a data subject access request under time pressure when the answer is not straightforward.
Complex DSAR scenario — non-obvious exemptions, partial disclosure decisions, and response drafting under the NDPA's timelines · RoPA audit exercise — identifying gaps in a realistic RoPA · DPO board report construction — drafting a quarterly board data protection report from real compliance data · Third-party data processing due diligence exercise.
- Module A: Advanced RoPA Management
- Module B: DPIA Programme Design
- Module C: DSAR Handling Under Pressure
- Module D: DPO Board Reporting
- Module E: Vendor Privacy Management
- Module F: NDPC Audit Preparation
- Advanced operational DPO capability
- Board-visible DPO reporting function
- NDPC audit-ready evidence infrastructure
- Peer-reviewed practical exercises
A DPO function that operates independently and evidentially — producing board reports, managing requests, conducting audits, and maintaining compliance infrastructure without constant external advisory support.
DPIA Practical Workshops
How to conduct a DPIA that satisfies NDPA Section 28 and the NDPC's inspection standard — not just a template exercise but a genuine risk assessment that identifies, evaluates, and mitigates privacy risks in high-risk processing activities. Participants learn to identify when a DPIA is mandatory, how to structure the assessment, how to document risk decisions, and how to present DPIA findings to senior leadership and the NDPC.
Mandatory DPIA determination exercise — given five processing scenarios, determine which require a DPIA and why · Full DPIA execution on a realistic high-risk processing scenario (new biometric attendance system) · Risk scoring and mitigation design · DPIA output documentation to NDPC standard · Presentation of DPIA findings to simulated senior leadership panel.
- DPIA mandatory determination capability
- End-to-end DPIA execution skills
- Risk scoring and mitigation documentation
- NDPC-format DPIA output proficiency
- DPIA register management
- SAC NDPC-format DPIA template
- DPIA mandatory assessment checklist
- Risk scoring framework
- Completed workshop DPIA (reference output)
Participants who can conduct a defensible DPIA independently — from mandatory determination through risk assessment and NDPC-format documentation — for any high-risk processing activity their organisation commissions.
Breach Simulation Labs
How to execute a complete NDPA-compliant breach response from the moment of discovery — before the pressure of a real incident, not under it. The 72-hour notification clock, breach severity assessment, NDPC notification drafting, data subject notification decisions, evidence preservation, and post-breach remediation. Participants discover their actual response capability — not the capability their documentation describes.
A realistic, multi-phase breach scenario unfolds across the day: initial incident detection (unclear scope), preliminary assessment, internal escalation, 72-hour NDPC notification drafting, decision on data subject notification, evidence preservation, and simulated NDPC follow-up enquiry. Participants play their actual organisational roles — the DPO does DPO work, the CEO makes CEO decisions, legal counsel provides legal counsel. The simulation exposes the gaps between documented procedures and operational capability.
- 72-hour notification execution capability
- Breach severity assessment proficiency
- NDPC notification drafting skills
- Evidence preservation protocol understanding
- Identification of actual response gaps
- Post-simulation remediation roadmap
- Simulation findings report
- Gap identification and remediation recommendations
- NDPC notification template (organisation-specific)
- Breach register template
A team that has executed a complete breach response under controlled conditions — and knows exactly where their documented process diverges from their operational capability, before a real incident exposes that gap.
Board Privacy Governance Sessions
How to govern digital trust and data protection at the board level — structuring accountability, asking the right questions of the executive and compliance function, and producing the governance evidence that demonstrates the board is discharging its NDPA and CBN obligations. Delivered by SAC's ISACA DTEF Certified Facilitator — the only certified DTEF Facilitator operating in Nigeria's professional services sector.
Session 1: NDPA board accountability — what the law requires, what the NDPC inspects for, and what the board must be able to evidence · Session 2: Digital trust governance framework — the seven DTEF domains and how boards structure oversight across them · Session 3: Governance implementation — KPIs, reporting structures, Audit Committee agenda items, and the board's role in incident response.
- Board-level NDPA accountability clarity
- Digital trust governance framework understanding
- Structured board question capability
- Audit Committee privacy agenda design
- Board reporting expectations for DPO function
- Board NDPA accountability summary
- DTEF seven-domain governance overview
- Board privacy KPI framework template
- Audit Committee privacy agenda template
A board that can demonstrate active governance of digital trust and data protection — with a structured oversight framework, measurable KPIs, and quarterly Audit Committee reporting that satisfies NDPC, CBN, and external auditor expectations.
NDPC Compliance Audit Readiness Training
What NDPC inspectors look for, how they look for it, and what an organisation must have in place — in terms of documentation, process, and evidence — to produce a clean or manageable inspection finding. Participants learn to conduct their own audit readiness assessment, build the evidence infrastructure, and prepare the Compliance Audit Return that a licensed DPCO must certify and file. The training is built around the NDPC's own audit framework — not a generic compliance checklist.
Evidence gap identification exercise — reviewing a realistic compliance file for missing, incomplete, or non-conforming evidence · Audit readiness self-assessment using SAC's NDPC-aligned diagnostic tool · Evidence pack construction — building the documentation structure for a CAR filing · NDPC inspection simulation — responding to a realistic inspector document request with a tight deadline.
- NDPC audit framework mastery
- Evidence gap identification and remediation skills
- CAR preparation capability (for DPCO submission)
- NDPC inspection response readiness
- Ongoing audit readiness maintenance skills
- NDPC audit readiness self-assessment tool
- Evidence pack structure template
- NDPC inspection response protocol
- CAR preparation checklist (DPCO submission)
An organisation that is inspection-ready at any point — with compliance evidence structured to the NDPC's own audit framework, and a team that knows how to maintain that readiness between annual CAR filing cycles.
Training your compliance team as a cohort produces a different outcome than training individuals.
When a compliance team attends SAC training together, they return to the same organisation with the same reference framework, the same templates, and the same understanding of what the NDPC's standard requires. The implementation friction that comes from individual training — where each team member has a slightly different understanding of what to do — is eliminated.
Corporate cohort delivery is available for all SAC Academy programmes. It can be delivered at your organisation's premises, at SAC's training facility, or virtually — with the content calibrated to your sector, your existing compliance state, and the specific NDPA obligations most relevant to your processing activities.
For organisations with five or more participants in any programme, SAC recommends cohort delivery over individual enrolment — both for the collaborative learning benefit and for the sector-calibration that makes the training directly applicable to your organisation's specific regulatory context.
Six compliance team members. Within 90 days of IIM certification: team independently constructed the bank's full RoPA, completed three DPIAs, and filed the first NDPC annual compliance audit return — without external advisory support.
Compliance team of four. Following the two-day Audit Readiness programme: agency identified 12 evidence gaps, remediated 10 within 30 days, and produced the first NDPC-formatted evidence pack in the agency's compliance history.
Cross-functional team of eight. Post-simulation findings: actual 72-hour notification capability improved from “not possible” to “achievable within 48 hours” after role-assignment redesign prompted by simulation findings.
Four principles that make SAC training convert to capability.
Each principle is a structural feature of every programme — not an aspiration described in a training brochure but a design requirement applied to every exercise, case study, and assessment.
Nigerian Regulatory Cases — Not Adapted Foreign Law
Every case study, scenario, and exercise is drawn from Nigerian regulatory proceedings, NDPC enforcement actions, or SAC's own advisory engagements — conducted under Nigerian law, applicable to Nigerian organisations, and relevant to the NDPC's actual inspection standard.
Practice Before Theory — Exercises That Expose Gaps
Participants encounter the exercise before the theory, discovering through the practical challenge what they do not yet know — and then acquiring the knowledge they need to solve the specific problem they just failed to solve. Retention is significantly higher when knowledge is acquired to solve a felt problem than when it is absorbed in anticipation of a hypothetical one.
Templates and Tools — Not Just Knowledge
Every participant leaves with deployable tools: NDPC-format RoPA templates, DPIA execution frameworks, DSAR response protocols, breach notification registers, and board report templates. The training deliverables are the working documents the participant will use in their organisation — not reading materials for later reference.
Instructors as Active Practitioners — Not Subject-Matter Experts
Every SAC instructor is currently delivering the compliance programmes they teach — conducting NDPA audits, filing NDPC Compliance Audit Returns, managing DPO functions, and engaging the NDPC in live regulatory environments. They teach from operational experience, not academic familiarity. The distinction matters: the NDPC's standard is not theoretical.
Scheduled open-enrolment dates — 2026.
Open-enrolment programmes are available to individuals and small groups. Corporate cohort dates are arranged separately by agreement. Contact SAC to confirm current scheduling and availability.
Dates confirmed. Contact SAC to verify current availability.
Dates confirmed. Contact SAC to verify current availability.
Schedule your corporate date — contact SAC for Q3 availability.
Dates confirmed. Contact SAC to verify current availability.
Not yet open for registration. Join waitlist for notification.
Scheduled by arrangement. Contact SAC to book your board session.
Training dates are indicative. SAC recommends confirming all dates by contacting training@sac.ng before booking travel or making arrangements. Corporate cohort dates are set by agreement and do not appear in the open-enrolment calendar.
Build the capability your organisation needs to operate under NDPC scrutiny.
Enroll in an upcoming programme, request a corporate cohort for your team, or arrange a private board session. SAC responds to all training enquiries within one business day.