On the 25th of October 2021, the Lagos state Data Protection Bill (“LDPB” “Bill”) passed the second reading at the Lagos State House of Assembly. The long title of the Act, provides that the Bill is for a Law “to promote the protection of personal information processed by public and private bodies, establish minimum requirements for the processing and protection of personal information, establish the data protection commission and for connected purposes.”

The aim of the Bill is to set out standards, rules, and salient overarching principles for the processing of personal data within the state. It is also expected that the Bill will attract additional revenue into Lagos state as it proposes a registration fee for data controllers and data processors that process data within the state.

The LDPB is inspired by the Nigeria Data Protection Regulation (NDPR) 2019, the country’s main data protection instrument, which regulates all organisations handling personal data of Nigerians and persons residing in Nigeria. Additionally, the LDPB is the first Bill of its kind at the state level in Nigeria. It has the potential to alter how data is collected, stored, and managed by businesses in the country. This article will highlight several significant provisions of the Bill. We will discuss the Bill’s relationship to the NDPR, as well as potential implementation challenges that may arise if the Bill is enacted in its current form.

Read More