Overview

The need for strong data protection measures has never been more pressing in an age where personal data has replaced oil as the new currency. Significant accomplishments and steadfast efforts have distinguished Nigeria’s progress toward comprehensive data protection regulation. The Nigeria Data Protection Regulation (NDPR) which was published in 2019 and the Nigeria Data Protection Bureau (NDPB) which was established in 2022 were significant advances in this direction. To address the issues with the developing data protection and privacy landscape, stakeholders have long called for more comprehensive and enforceable legislation.

On 14 June 2023, President Bola Ahmed Tinubu signed into law, the Data Protection Act, 2023. The objective of the Act, amongst others, is to safeguard the fundamental rights and freedoms and the interests of data subjects as guaranteed under the 1999 Constitution of Nigeria. The Act establishes the Nigeria Data Protection Commission (NDPC), also referred to as the “Commission”, to replace the Nigeria Data Protection Bureau (NDPB) established by former President Muhammadu Buhari.

Unveiling The Nigeria Data Protection Act 2023 The Act comprises twelve (12) parts, i.e., Part I to Part XII. The first four (4) parts focus on the details of the Commission and its structure, and Part V to Part VIII emphasize the Data Protection Principles and relevant implementation requirements. Part IX highlights the Registration of Data controllers and data processors of major importance, while Part X and XI focus on Enforcement and Legal Proceedings. Finally, Part XII highlights the miscellaneous provisions of the Act.

This review highlights the different focus areas of the Act and draws comparison with the NDPR where applicable. We have also provided our points of views on certain aspects of the Act, particularly where data controllers and processors may need to look out for additional regulatory guidelines from the Commission.