Enactment of the Nigeria Data Protection Act

On 12 June 2023, the Nigeria Data Protection Act 2023 (“the Act”) was signed into law by the country’s’ President. The Act provides a legal framework for the protection of personal information and establishes the Nigeria Data Protection Commission for the regulation of the processing of personal information. It also marks an important step in Nigeria’s nearly two-decade journey towards a comprehensive data protection law.  The objectives of the Act include: providing for the regulation of processing of personal data; promoting data processing practices that safeguard the security of personal data and privacy of data subjects; and ensuring that personal data is processed in a fair, lawful and accountable manner.

Notable provisions in the Act include:

  • The Act introduces a new category of “data controllers and processors of major importance,” which seems to be inspired by the tiered approach in the EU’s Digital Services Act and its specific obligations for “very large online platforms and search engines;”
  • A “duty of care” is among the principles that controllers and processors need to comply with;
  • The Act also introduces and places limitations on legitimate interest as a legal basis for personal data processing
  • The Act provides stronger protections for children and persons without legal capacity,

Prior to the introduction of the Act, Nigeria’s data protection landscape was governed by the Nigeria Data Protection Regulation, 2019 (NDPR) and the Nigeria Data Protection Regulation 2019: Implementation Framework (Implementation Framework). However, the need to fill in the gaps under the NDPR, create a legal foundation for the enactment of a Data Protection Act.

Borderless. Seamless

At CLA, we are passionate about Africa and our purpose is to grow Africa’s economies, people, industries and markets.

All Insights

All rights Reserved © Citadel Law Africa (CLA) , 2024

News & Insights