- within Privacy, Employment and HR and Corporate/Commercial Law topic(s)
- with Senior Company Executives, HR and Finance and Tax Executives
- with readers working within the Consumer Industries, Technology and Law Firm industries
The Nigeria Data Protection Act – General Application and Implementation Directive came into effect on 19 September 2025. Notably, with its commencement, the Nigeria Data Protection Regulation (NDPR) and its Implementation Framework (NDPRIF) have been formally repealed. The operative framework for data protection in Nigeria is now limited to the Nigeria Data Protection Act 2023 (NDPA) and the GAID 2025.
As highlighted in our prior guidance, the GAID provides the operational framework for implementing the Nigeria Data Protection Act 2023, including detailed requirements on data handling, security measures, accountability obligations, and crossborder data transfers.
Organisations are to review and update their internal data governance practices, privacy policies, and technical safeguards to align with the GAID. Submitting reports or maintaining compliance frameworks that fall short of these standards may expose companies to regulatory scrutiny and penalties.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
