Insights, Corporate Communications

Navigating the Uncertainties in the Nigerian Data Protection Act, 2023: Expectations From the National Committee for GAID

The Nigerian Data Protection Act, 2023 (NDPA) is the primary legislation governing data protection in Nigeria. However, despite its robust provisions, the NDPA has left the task of crafting specific regulations and directives for the implementation of the NDPA to the Nigerian Data Protection Commission (NDPC). While this approach provides adaptability to changing circumstances, it also underscores the urgent need for NDPC’s intervention in providing the necessary regulatory framework to effectively implement the NDPA.
In response to this need, the NDPC recently inaugurated the National Committee for NDPA General Application and Implementation Directive (‘GAID”) to ensure the implementation of the NDPA. It is a welcome development as it holds the potential to bring much-needed clarity to the interpretation and application of critical and novel provisions within the NDPA. This article highlights key areas and issues where we anticipate GAID’s guidance and offers some recommendations on the implementation of the NDPA.

A. Designation of data controllers or processors of major importance
The NDPA introduced the designation “data controllers or data processors of major importance” and empowered NDPC to ascertain the specific threshold for qualifying as such. This designation carries additional compliance obligations, such as mandatory registration with the NDPC and the appointment of Data Protection Officers (DPOs). This marks a departure from the NDPR, which requires all data controllers and processors to have designated DPOs. Hence, further guidance from NDPC is needed to (a) clarify which data controllers and processors are exempt or required to comply with these additional obligations and (b) ascertain the registration procedure and requirements for data controllers and processors of major importance.

In addition, GAID may consider the possibility of limiting the requirement to submit annual audit reports to data controllers and processors of major importance, streamlining the compliance process, and concentrating efforts on key data protection stakeholders…

To read the full article, kindly download the PDF

Tolulope Oguntade

Senior Associate

Practice Key Contacts

More To Read

10/07/2026
Turbulent Jurisdiction: Mapping The Boundaries of Nigerian Aviation Claims

Introduction Aviation disputes in Nigeria have a dimension that many other commercial disputes lack: the asset at the centre of the dispute can be airborne

06/07/2026
Nigeria’s Emerging Mining Renaissance: Lithium Discoveries, Billions in Investments, and a 7-Point Agenda – Is Real Transformation Imminent?

Dear Readers, Just weeks after Minister of Solid Minerals Development Dele Alake announced significant discoveries of lithium deposits, alongside major platinum group metals, gold, nickel,