Free Compliance Tools
Practical Tools for Compliance, Governance and Audit Readiness.
Download executive-ready checklists, scorecards, trackers, and guides designed to help organisations assess and strengthen their regulatory readiness — built to the standard the NDPC’s inspection framework applies.
Select a resource, complete the form, and receive it by email.
Every resource is built to the NDPC’s audit and inspection standard — not adapted from international templates. Select a resource on the left, complete the form on the right, and SAC will send it directly to your email address.
NDPA / GAID Compliance Readiness Checklist
A structured checklist covering all principal NDPA and GAID compliance obligations — DCPMI registration, RoPA, DPIA, DPO designation, breach response, CAR filing, and board governance. Formatted to the NDPC’s inspection standard with status indicators and remediation prompts.
Board Privacy Governance Scorecard
A scoring framework for boards and Audit Committees to self-assess their data protection governance posture across accountability structure, oversight mechanisms, DPO reporting, incident governance, and digital trust KPI management.
DPIA Starter Pack
A practical starter kit for organisations beginning their DPIA programme — covering mandatory trigger assessment, a simplified DPIA template structured to NDPA Section 28, a worked example using a Nigerian regulatory scenario, and a DPIA register template.
Audit Evidence Checklist
A structured checklist of the evidence items that NDPC inspectors request and the documentation standard each must meet — enabling DPOs and compliance teams to identify gaps before an inspection rather than under one.
DCPMI Readiness Checklist
A structured checklist for assessing DCPMI registration readiness — covering threshold determination, required documentation, DPO designation requirements, and the steps required to complete and maintain NDPC registration as a Data Controller or Processor of Major Importance.
Breach Readiness Checklist
A structured readiness assessment for data breach response — covering the 72-hour notification capability, breach assessment procedures, NDPC notification requirements, data subject notification decisions, evidence preservation, and post-breach remediation. Includes a self-assessment score.
Vendor Privacy Due Diligence Checklist
A structured checklist for assessing data processor compliance before onboarding — covering security posture, data processing terms, sub-processor controls, breach notification requirements, and the minimum DPA content required under NDPA Section 29.
NDPC CAR Preparation Guide
A step-by-step guide to preparing for the annual Compliance Audit Return — explaining what the CAR requires, the evidence that must be assembled, the self-assessment structure, and how to present it for DPCO certification and NDPC filing. Includes a preparation timeline.
SAC will send your selected resource to your email address within one business hour. If you have a question or would like to discuss the resource, contact info@sac.ng or book a consultation.
SAC collects only the information required to send the resource and understand the context of your interest. This is a legitimate interest processing activity — documented in SAC’s own RoPA and DPIA programme.
SAC will contact you once with the resource and may follow up with sector-relevant insights if your profile suggests they would be useful. You can unsubscribe from any communication at any time.
Your data is not shared with any third party. It is processed by SAC only, in accordance with SAC’s Privacy Policy and the NDPA 2023. SAC is a licensed DPCO and applies the compliance standards it advises clients to meet.
Every resource is built by the practitioners who conduct NDPA compliance audits and file Compliance Audit Returns with the NDPC — formatted to the regulatory standard they apply in their advisory engagements.
Resources show the gap. Advisory closes it.
Every resource on this page is designed to reveal a compliance gap that SAC advisory or a SAC product can address. If a resource identifies a gap you cannot close with a checklist, the next step is a 20-minute diagnostic with a named SAC principal.