Introduction
On 12 June 2023, the Nigeria Data Protection Act 2023 ("the Act") was signed into law by President Bola Ahmed Tinubu, GCFR. The Act provides a legal framework for the protection of personal information and establishes the Nigeria Data Protection Commission for the regulation of the processing of personal information. The objectives of the Act include:
- Safeguarding the fundamental rights and freedoms, and the interests of data subjects as guaranteed under the 1999 Constitution of the Federal Republic of Nigeria;
- Providing for the regulation of processing of personal data;
- Promoting data processing practices that safeguard the security of personal data and privacy of data subjects;
- Ensuring that personal data is processed in a fair, lawful and accountable manner;
- Protecting data subjects' rights and providing means of recourse and remedies, in the event of the breach of the data subjects' rights;
- Ensuring that data controllers and data processors fulfill their obligations to data subjects;
- Establishing an impartial, independent and effective regulatory Commission to superintend over data protection and privacy issues, andsupervise data controllers and data processors; and
- Strengthening the legal foundations of the national digital economy and guaranteeing the participation of Nigeria in the regional and global economies through the beneficial and trusted use of personal data.
The Act sets out its scope, the lawful basis for processing personal data and prescribes penalties for non-compliance with its provisions. In the subsequent pages, we have highlighted provisions that may be of interest to data controllers and processors or third parties engaged by them and our comments.
Key comments on the Act
To view the full article, click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.