Privacy & Data Governance Notice

Effective date: 14 Jun 2026

PEPLens is a high-integrity compliance intelligence platform designed for the identification, categorization, and monitoring of Politically Exposed Persons (PEPs). We operate under a "Privacy by Design" framework to meet the rigorous standards of global and local data protection regimes.

01. Legal Jurisdictions

We ensure compliance across two primary pillars:

  • NDPR & NDPA 2023: Governing data subjects within the Nigerian Federation.
  • EU GDPR: Applied to data processing involving EU residents or cross-border institutional reporting.
  • Regulatory Alignment: Categorization logic is mapped to CBN, NFIU, FATF, and Wolfsberg Group guidelines.

02. PEP Categorization & Uploads

When institutions upload PEP data, our system automatically applies risk-weights based on:

  • Domestic PEPs: Heads of state, senior politicians, and judicial officers.
  • International PEPs: Officials of international organizations (UN, AU, ECOWAS).
  • RCAs: Relatives and Close Associates of the above categories.

03. Lawful Basis for Processing

Under Article 6 of the GDPR and Section 25 of the NDPA, our processing is justified by:

Legal Obligation Fulfilling statutory AML/CFT requirements (Anti-Money Laundering and Countering the Financing of Terrorism).
Public Interest Assisting in the prevention of financial crimes, corruption, and illicit enrichment.

04. Data Subject Rights & Exemptions

While we uphold the rights to Access, Rectification, and Portability, certain rights (such as the 'Right to Erasure' or 'Right to Object') may be restricted where the data is essential for ongoing regulatory investigations or mandatory AML record-keeping periods (typically 5+ years).

05. Technical Safeguards

  • Encryption: AES-256 encryption at rest and TLS 1.3 in transit.
  • Multi-Tier Review: No PEP record is published without a "Maker-Checker" workflow (Supervisor -> Region Lead).
  • Audit Integrity: Immutable logs of every data access, edit, or upload event.

Compliance Contact

Direct inquiries regarding Data Protection Impact Assessments (DPIA) or Subject Access Requests (SAR) should be routed to the Data Protection Officer (DPO) via the PEPLens Admin Console.

Strictly for authorized institutional use. Unauthorized access is a violation of the NDPA 2023.

An unhandled error has occurred. Reload

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please retry or reload the page.