Insights, Corporate Communications

Navigating the Uncertainties in the Nigerian Data Protection Act, 2023: Expectations From the National Committee for GAID

The Nigerian Data Protection Act, 2023 (NDPA) is the primary legislation governing data protection in Nigeria. However, despite its robust provisions, the NDPA has left the task of crafting specific regulations and directives for the implementation of the NDPA to the Nigerian Data Protection Commission (NDPC). While this approach provides adaptability to changing circumstances, it also underscores the urgent need for NDPC’s intervention in providing the necessary regulatory framework to effectively implement the NDPA.
In response to this need, the NDPC recently inaugurated the National Committee for NDPA General Application and Implementation Directive (‘GAID”) to ensure the implementation of the NDPA. It is a welcome development as it holds the potential to bring much-needed clarity to the interpretation and application of critical and novel provisions within the NDPA. This article highlights key areas and issues where we anticipate GAID’s guidance and offers some recommendations on the implementation of the NDPA.

A. Designation of data controllers or processors of major importance
The NDPA introduced the designation “data controllers or data processors of major importance” and empowered NDPC to ascertain the specific threshold for qualifying as such. This designation carries additional compliance obligations, such as mandatory registration with the NDPC and the appointment of Data Protection Officers (DPOs). This marks a departure from the NDPR, which requires all data controllers and processors to have designated DPOs. Hence, further guidance from NDPC is needed to (a) clarify which data controllers and processors are exempt or required to comply with these additional obligations and (b) ascertain the registration procedure and requirements for data controllers and processors of major importance.

In addition, GAID may consider the possibility of limiting the requirement to submit annual audit reports to data controllers and processors of major importance, streamlining the compliance process, and concentrating efforts on key data protection stakeholders…

To read the full article, kindly download the PDF

Practice Key Contacts

More To Read

17/05/2024
Concurrent Delay in Construction Contracts: A Pragmatic Perspective

Introduction Delays on construction projects are common, often creating disputes over responsibility, extension of time and liquidated damages. Concurrent delays, where both the contractor and

07/05/2024
Innovating Finance: How IP Insurance Can Transform Nigerian Innovative Startups.

Introduction In the evolving global economy, intellectual property (IP) has emerged as a critical asset for businesses, especially for startups and innovation-driven enterprises. IP assets,