The Nigerian Data Protection Act(NDPA)

The Nigeria Data Protection Regulation (NDPR) was a set of guidelines issued by the National Information Technology Development Agency (NITDA) in 2019 to regulate the processing of personal data in Nigeria. The NDPR was repealed and replaced by the Nigeria Data Protection Act (NDPA) in June 2023.

The NDPA is still a relatively new law, and it is not yet clear how it will be interpreted and applied in practice. However, it is a significant step forward for data protection in Nigeria, and it is expected to have a positive impact on the privacy of Nigerians.

All you Need to Know

The NDPA is a comprehensive piece of legislation that sets out the rights of data subjects and the obligations of data controllers and processors. It covers a wide range of topics, including:
  • The collection, use, and disclosure of personal data
  • The security of personal data
  • The rights of data subjects
  • The obligations of data controllers and processors
The act applies to all storage and processing of Personal Data conducted in respect of Nigerian citizens and residents. Examples of personal data are as follows:
  • The collection, use, and disclosure of personal data
  • Employee information as managed by HR
  • Customer and subscribers data
  • Vendors' and services providers' information
data protection
Personal data may contain one
or more of the following:
  • Name, phone numbers, contact information
  • Location information, financial information,
    transaction history
  • Customer and subscribers data
  • Gender, ethnicity, health records, sexual orientation