Compliance and Regulatory Frameworks

Regulatory Compliance

Our framework across GDPR, UK DPA, CCPA, Nigeria NDPR, SAM.gov standards, and information security best practices.

Compliance Commitment

InnovateWithEnioluwatilehin (operating in association with Team Peridot Consulting) is committed to maintaining the highest standards of regulatory compliance, data protection, and ethical business practices across all jurisdictions in which we operate. This Compliance page outlines our adherence to applicable laws, regulations, and industry standards governing our operations, data handling, and service delivery.

We operate globally with clients across the United States, United Kingdom, European Union, Nigeria, and international markets. Our compliance framework is designed to meet or exceed the requirements of the most stringent data protection and business regulations in each jurisdiction.

Last updated: June 2, 2026. This framework is reviewed quarterly and updated whenever there are material changes in applicable law or our business practices.

GDPR Compliance (EU/EEA)

For clients and website visitors located in the European Union and European Economic Area, we comply fully with the General Data Protection Regulation (EU) 2016/679. Our GDPR compliance measures include:

  • Lawful Basis: We process personal data only where a valid lawful basis exists, such as consent, contract necessity, or legitimate interests.
  • Data Minimization: We collect only the data strictly necessary for the specific purpose stated at the time of collection.
  • Transparency: Our Privacy Policy clearly explains what data we collect, why we collect it, and how long we retain it.
  • Data Subject Rights: We respect and facilitate all rights granted under GDPR, including access, rectification, erasure, restriction, portability, and objection.
  • Data Protection Officer (DPO): While we are not currently required to appoint a DPO under GDPR Article 37, we have designated a compliance officer to handle data protection matters.
  • Breach Notification: In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected data subjects without undue delay.
  • Cross-Border Transfers: We use Standard Contractual Clauses (SCCs) for any data transfers outside the EEA.

To exercise your GDPR rights, please contact our compliance officer at info@innovatewithenioluwatilehin.com. We respond to all data subject requests within 30 days.

UK Data Protection Act 2018

For clients and visitors in the United Kingdom, we comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) as retained in UK law post-Brexit. Our UK-specific compliance measures include:

  • Alignment with UK GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.
  • Recognition of UK data subject rights, including the right not to be subject to solely automated decision-making.
  • Use of UK-approved Standard Contractual Clauses or adequacy decisions for international transfers.
  • Cooperation with the Information Commissioner's Office (ICO) in the event of any regulatory inquiry or complaint.

UK residents may lodge complaints with the ICO if they believe their data protection rights have been violated. We encourage you to contact us first so we can resolve any concerns directly.

CCPA / CPRA Compliance (California)

For California residents, we comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). California consumers have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: Request that we do not sell or share your personal information. We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Use: Request limitation on the use of sensitive personal information.

To exercise your CCPA/CPRA rights, please email info@innovatewithenioluwatilehin.com with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.

We do not sell, trade, or share personal information for monetary or other valuable consideration. We do not engage in behavioral advertising or cross-context tracking.

Nigeria Data Protection Regulation (NDPR)

As a Nigeria-based business, we comply with the Nigeria Data Protection Regulation (NDPR) 2019 issued by the National Information Technology Development Agency (NITDA). Our NDPR compliance includes:

  • Obtaining consent before processing personal data, except where another lawful basis applies.
  • Implementing appropriate technical and organizational measures to protect personal data.
  • Appointing a data protection officer responsible for compliance with NDPR requirements.
  • Conducting data protection impact assessments for high-risk processing activities.
  • Reporting data breaches to NITDA within 72 hours and notifying affected data subjects.
  • Honoring data subject rights including access, rectification, erasure, and objection.

We are registered with the Nigeria Data Protection Commission (NDPC) and maintain all required documentation for compliance audits.

SAM.gov & Federal Compliance

As a provider of SAM.gov registration and federal contracting services, we adhere to the compliance requirements of the U.S. federal government procurement system. Our SAM.gov compliance practices include:

  • Accurate and truthful representation of client information in all SAM.gov registrations and renewals.
  • Compliance with FAR (Federal Acquisition Regulation) and DFARS requirements.
  • Maintenance of proper NAICS codes, PSC codes, and business size classifications.
  • Adherence to SBA set-aside certification requirements where applicable.
  • Ethical conduct in all government contracting advisory services, with no false claims or misrepresentations.
  • Confidential handling of all client proprietary information and trade secrets submitted for government opportunities.

We do not guarantee any specific outcome from SAM.gov registration or federal contracting efforts. All applications and proposals are subject to government agency review, competitive criteria, and independent decision-making beyond our control.

We maintain strict confidentiality of all client information submitted for government contracting purposes and do not disclose proprietary data to unauthorized third parties.

Information Security Standards

We implement industry-recognized security frameworks to protect client data and maintain operational integrity. Our security posture includes:

  • SSL/TLS Encryption: All data in transit is encrypted using TLS 1.2 or higher.
  • Secure Hosting: Infrastructure hosted with SOC 2 Type II compliant providers.
  • Access Controls: Role-based access with MFA and least-privilege principles.
  • Regular Audits: Quarterly vulnerability assessments and penetration testing.
  • Data Backup: Encrypted backups with documented recovery procedures.
  • Incident Response: Documented breach response plan with 24-hour activation.

We are committed to continuous improvement of our security posture and regularly review our controls against evolving threats and industry standards.

Accessibility Commitment

We are committed to making our website accessible to all users, including those with disabilities. Our accessibility practices include:

  • Conformance with WCAG 2.1 Level AA guidelines where technically feasible.
  • Semantic HTML structure and proper heading hierarchy for screen reader compatibility.
  • Descriptive alt text for images and meaningful link text throughout the site.
  • Keyboard navigability for all interactive elements and forms.
  • Sufficient color contrast ratios for text readability.
  • Resizable text and responsive layouts that work across devices and screen sizes.

If you experience any accessibility barriers while using our website, please contact us at info@innovatewithenioluwatilehin.com and we will work to resolve the issue promptly.

Third-Party & Service Provider Compliance

We engage third-party service providers to support our operations. All providers are vetted for compliance with applicable data protection and security standards. Our key providers and their compliance certifications include:

  • Supabase (Database & Authentication): SOC 2 Type II, GDPR-ready
  • Google Analytics (Website Analytics): GDPR-compliant, IP anonymization enabled
  • Hosting Provider (Web Infrastructure): SOC 2 Type II, ISO 27001
  • Email Platform (Business Communications): GDPR, CCPA, SOC 2

All third-party providers are contractually bound to process data only for specified purposes, maintain confidentiality, and implement appropriate security measures. We do not permit providers to use client data for their own purposes or to share it with other parties.

Compliance Reporting & Audits

We maintain comprehensive records to demonstrate compliance with applicable regulations. Our compliance documentation includes:

  • Data processing records and inventory of personal data holdings.
  • Consent logs and records of lawful basis for processing.
  • Data retention schedules and deletion records.
  • Security incident logs and breach response documentation.
  • Third-party processor agreements and compliance attestations.
  • Regular internal compliance audits conducted quarterly.

Upon request, we can provide clients with relevant compliance documentation, subject to confidentiality and legal restrictions. All audit requests should be directed to info@innovatewithenioluwatilehin.com.

Compliance Contact

For compliance inquiries, regulatory questions, data protection requests, or to report a suspected compliance issue, please contact our compliance officer:

  • Website: innovatewithenioluwatilehin.com
  • Response Time: Within 48 business hours

Please include "COMPLIANCE INQUIRY" in the subject line of your email to ensure proper routing. We take all compliance matters seriously and respond promptly.

