Nigeria Data Protection Act 2023 (NDPA)

The LawField Review

The Nigeria Data Protection Act 2023 (NDPA) was signed into law on June 14, 2023, by President Bola Ahmed Tinubu. The NDPA is a comprehensive piece of legislation that sets out the rules for the processing of personal data in Nigeria. It is designed to protect the privacy of individuals and to ensure that their personal data is used fairly and lawfully.

The NDPA applies to all organizations that process personal data in Nigeria, regardless of their size or location. It defines personal data as any information that can be used to identify an individual, such as their name, address, phone number, email address, or bank account number.

The NDPA sets out a number of requirements for organizations that process personal data. These requirements include:

• Obtaining consent from individuals before collecting or processing their personal data
• Providing individuals with access to their personal data
• Rectifying or deleting inaccurate or incomplete personal data
• Securing personal data against unauthorized access, use, disclosure, or destruction

The NDPA also establishes the Nigeria Data Protection Commission (NDPC), which is responsible for enforcing the law. The NDPC has a number of powers, including the power to investigate complaints, issue fines, and block the processing of personal data.

The NDPA is a significant piece of legislation that will have a major impact on the way that organizations collect, use, and store personal data in Nigeria. It is important for organizations to understand the requirements of the NDPA and to take steps to comply with the law.

Here are some of the key provisions of the NDPA:

• The NDPA defines personal data as any information relating to an individual, whether it is held in electronic or paper form.
• The NDPA requires organizations to obtain consent from individuals before collecting or processing their personal data.
• The NDPA gives individuals the right to access their personal data, to have it corrected if it is inaccurate, and to have it deleted if it is no longer needed.
• The NDPA requires organizations to take steps to protect personal data against unauthorized access, use, disclosure, or destruction.
• The NDPA establishes the Nigeria Data Protection Commission (NDPC), which is responsible for enforcing the law.

The NDPA is a comprehensive piece of legislation that will help to protect the privacy of individuals in Nigeria. Organizations that collect, use, or store personal data in Nigeria should take steps to comply with the law.

Here are some tips for complying with the NDPA:

• Obtain consent from individuals before collecting or processing their personal data.
• Provide individuals with access to their personal data.
• Rectify or delete inaccurate or incomplete personal data.
• Secure personal data against unauthorized access, use, disclosure, or destruction.
• Appoint a data protection officer (DPO) if your organization processes large amounts of personal data.
• Comply with the NDPC’s regulations and guidelines.

The NDPA is a new law, and there is still some uncertainty about how it will be interpreted and enforced. However, it is important for organizations to start taking steps to comply with the law now.