Nigeria

Welcome to Nigeria

The Data Protection Act, signed into law on June 13, 2023, safeguards the fundamental rights and freedoms of data subjects as guaranteed under the Constitution of the Federal Republic of Nigeria. It establishes the regulatory framework for data protection in Nigeria, setting guidelines on how personally identifiable data can be used, stored, or shared.
mitech-home-resolutions-box-image-01
mitech-home-resolutions-box-image-01-hover

Legal Basis

The NDPA recognizes "legitimate interest" as a legal basis for processing personal data.
mitech-home-resolutions-box-image-02
mitech-home-resolutions-box-image-02-hover

Data Portability

The right to data portability is removed, with the option for future reinstatement by the Data Protection Commission.
mitech-home-resolutions-box-image-03
mitech-home-resolutions-box-image-03-hover

Data Controller/Processor of Major Importance

DCMIs/DPMIs must appoint a data protection officer, register with the NDPC, and face higher fines for breaches.
mitech-home-resolutions-box-image-03
mitech-home-resolutions-box-image-03-hover

Children’s Data

Consent for processing a child's data must come from a parent or guardian. Age and consent verification must use government-approved identification.

Regulatory Authority

The Act’s objectives include protecting personal information, promoting data security and privacy, and providing recourse and remedies for rights breaches. It also aims to strengthen the legal foundations of Nigeria’s digital economy and ensure the country’s participation in regional and global economies through the trusted use of personal data. The Act establishes the Nigeria Data Protection Commission to ensure enforcement.
dpo360-ningeria-leadership
Dr Vincent Olatunji – National Commissioner / CEO

Nigeria Data Protection
Commission

The National Data Protection Commission (NDPC) is a statutory Nigerian organization that is responsible for the regulation of data privacy in Nigeria. It was created by the Nigeria Data Protection Bureau (NDPB) in February 2022, as a mandate to oversee the implementation of the Nigeria Data Protection Regulation (NDPR) which was issued by National Information Technology Development Agency (NITDA) in 2019 as a subsidiary legislation of NITDA Act, 2007

Penalties

Fines

  • For Major Data Controllers/Processors: Greater of NGN 10,000,000 (approx. $13,200) or 2% of annual gross revenue.
  • For Other Controllers/Processors: Greater of NGN 2,000,000 (approx. $2,640) or 2% of annual gross revenue.

Sanctions

May issue criminal sanctions in addition to enforcement notices when enforcement notices are consistently ignored

Additional Resources (PDF Documents)