NDPC Publishes Guidelines for Nigeria Data Protection Act Implementation
The Nigerian Data Protection Commission (NDPC) has released a compliance guide to help stakeholders navigate the Nigeria Data Protection Act (NDP Act). The document, known as the Nigeria Data Protection Act – General Application and Implementation Directive (NDP Act GAID), was officially announced at a press conference on March 20, 2025.
The goal of this guide is to ensure that data controllers and processors understand their obligations under the NDP Act while also educating data subjects on their rights regarding data privacy and protection.
Key Areas Covered in the Compliance Guide
The newly published guide provides a clear breakdown of the NDP Act’s core principles, covering:
- Lawful basis for data processing
- Data protection principles and obligations
- Data subject rights
- Compliance audits under the NDP Act
- Best practices for handling emerging technologies
The document is designed to simplify compliance and provide organizations with structured guidance on how to lawfully process personal data while safeguarding the rights of individuals.
DON’T MISS THIS: Brazilian Workers Could Receive Salaries in Crypto Under New Bill
New Remediation Process for Data Breaches
At the press conference, Dr. Vincent Olatunji, National Commissioner and CEO of the NDPC, highlighted the efforts of the GAID committee, which was responsible for developing the guide. He emphasized that individuals whose data rights have been violated no longer need to physically visit the Commission to seek redress.
In his statement, Dr. Olatunji said:
“We have fully democratised the privacy breach remediation process for data subjects.”
He further explained that the NDPC has introduced the Data Subjects’ Standard Notice to Address Grievances (SNAG), a mechanism that allows data subjects to demand corrective actions from data controllers and processors directly, without first filing a complaint with the Commission.
This initiative is aimed at streamlining the remediation process and making it easier for individuals to hold organizations accountable for mishandling their personal data.
Legal and Regulatory Landscape in Nigeria
The release of the NDP Act GAID is part of Nigeria’s broader push toward strengthening data protection and cybersecurity laws. The Nigeria Data Protection Act (NDP Act), which was signed into law in 2023, was designed to enhance the country’s digital economy by establishing clear regulations on data processing, storage, and transfer.
In another recent regulatory update, the Nigerian Financial Intelligence Unit (NFIU) issued new Guidelines for the Identification, Verification, and Reporting of Suspicious Transactions (STR) on December 18, 2024. This directive aims to strengthen anti-money laundering (AML) compliance and counter-terrorism financing (CTF) measures in Nigeria’s financial sector.
The Future of Data Protection in Nigeria
With the introduction of the NDP Act GAID, the Nigerian government is taking significant steps toward enhancing data security, improving compliance, and ensuring accountability. The framework is expected to:
- Increase transparency in how businesses handle personal data
- Improve legal protections for Nigerian citizens and residents
- Encourage foreign investment by aligning with global data protection standards
The NDPC has urged organizations to review the guidelines carefully and ensure that their data processing practices align with the requirements of the NDP Act.