Data Protection in Nigeria: Overview of the 2019 Nigerian Data Protection Regulation Issued by NITDA

On 25th of January 2019 the National Information Technology Development Agency (NITDA) issued its latest regulation on data protection - the Nigerian Data Protection Regulation 2019 (“the 2019 Regulation”).

The 2019 Regulation was issued pursuant to NITDA’s statutory mandate contained in Section 6 of its enabling law, the NITDA Act of 2007:

“6 (c) develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper-based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information;”

The Regulation is an improvement on the Guidelines on Data Protection issued by NITDA in 2013. Unlike the 2013 Guidelines, the 2019 Regulation is more robust, utilises assertive language, imposes sanctions on organisations for non-compliance with its provisions and grants enforceable rights to data subjects.