🇳🇬
Nigeria

Applicability of the Nigeria Data Protection Act, 2023 (NDPA)

Nigeria's data protection framework is governed by federal legislation that establishes legal requirements for the processing of personal data. The primary role of the Nigeria Data Protection Act, 2023 is to provide a legal framework for the protection of personal data and privacy rights.

The Nigeria Data Protection Act, 2023 was adopted on June 12, 2023 and became effective on June 12, 2023.

The Nigeria Data Protection Act (NDPA) of 2023 establishes comprehensive data protection requirements with specific scope and applicability provisions. The Act applies to the processing of Personal Data whether conducted by automated means or not.

Material Scope

Primary Applicability

The Act covers any operation performed on Personal Data including collection, recording, organization, structuring, and storage, whether through automated or non-automated means. However, the mere transit of data originating outside Nigeria through Nigeria is excluded from the definition of "Data Processing."

Key Exemptions

The Act does not apply in the following cases:

  • Processing solely for personal or household purposes, provided it does not violate fundamental privacy rights
  • Criminal investigation activities
  • Public health emergencies
  • National security matters
  • Journalistic, educational, or literary purposes when in the public interest
  • Legal proceedings (commencement or defense)

Territorial Scope

The Act applies in three specific scenarios:

  • Data Controllers or Processors domiciled in, resident in, or operating in Nigeria
  • Data Processing taking place within Nigeria
  • Non-Nigerian Data Controllers or Processors who process Personal Data of Data Subjects located in Nigeria

Cross-Border Considerations

The Act demonstrates broad extraterritorial authority by covering any processing of Nigerian data subjects' personal data by controllers or processors not established in Nigeria, regardless of the nature of processing. This differs from frameworks like the GDPR, which includes specific targeting criteria.



🇳🇬

Nigeria

keyboard_arrow_down

globe_book Resources (13)

link Nigeria DPAinfolink Nigeria DPAinfolink Nigeria DPAinfolink Nigeria DPAinfolink Nigeria DPAinfolink Nigeria DPAinfolink Nigeria DPAinfolink DLA Piper Data Protection Laws of the World – Nigeriainfolink Nigerian Bar Association Section on Legal Practice (NBA-SLP)infolink Committee of Vice Chancellors of Nigerian Universities (CVCNU)infolink National Information Technology Development Agency (NITDA)link Data Privacy Lawyers Association of Nigeria (DPLAN)infolink Nigeria Data Protection Commission (NDPC)

GroupsConsultants: (5)

Consultations

Need consultation on this jurisdiction?
External consultations
5 external consultations
Leave a request and our managers will help you contact external consultants
❖ Jurisdictions: ➤ Nigeria