In today’s digital age, where substantial volumes of personal information are generated, stored, and processed by businesses, the need for robust data protection measures is more critical than ever. Governments around the world are enacting legislation to regulate the handling of personal data and safeguard the privacy rights of individuals.

Nigeria’s only response to data privacy issues was initially a reference to the constitutional right to privacy, as enshrined in section 37 of the Constitution.  In 2019, the National Information Technology Development Agency (NITDA) introduced the Nigeria Data Protection Regulation (NDPR), which became the accepted legal framework for data protection in Nigeria, together with the NDPR Implementation Framework 2020. The issues of data protection, however, deserve a more formal legislative codification rather than a regulation, hence the need for a comprehensive Act of Parliament that would be enforceable in all superior courts of record in Nigeria.

On the 12^th of June 2023, President Bola Ahmed Tinubu signed the Nigerian Data Protection Act (NDPA) into law. The Act aims to strike a balance between promoting innovation and protecting the privacy rights of individuals. It establishes a framework for organizations to handle personal data transparently, securely, and lawfully. By enacting this legislation, the government seeks to empower individuals by giving them control over their personal information and ensuring that businesses and organizations act responsibly when collecting, storing, and processing data.

This article highlights some of the key provisions of the NDPA.  By examining these provisions, insights will be gained into the obligations placed on data controllers and processors, the role of the statutory regulator (the Nigerian Data Protection Commission) and the consequences of non-compliance.:

Read More