Nigeria strengthens data protection framework with NDP Act GAID directive

By  Osasómé C.O and  Nana Theresa Timothy

NDPC unveils landmark regulatory instrument to enhance compliance and privacy rights enforcement.

In a significant move to bolster data privacy and protection across sectors, Nigeria has passed the NDP Act General Application and Implementation Directive (NDP Act GAID), a regulatory framework designed to enforce compliance, safeguard citizens’ data rights, and align the country’s data protection standards with global best practices.

RELATED: NDPC inaugurates national committee for GAID on Nigeria Data Protection Act

The Nigeria Data Protection Commission (NDPC), led by Dr. Vincent O. Olatunji, National Commissioner/CEO, described this development as a milestone in Nigeria’s commitment to upholding the fundamental rights of its citizens, particularly in the face of emerging technologies and the Fourth Industrial Revolution.

“This historic Presidential Assent reaffirms Nigeria’s dedication to protecting the privacy of its citizens, as enshrined in Section 37 of the Constitution of the Federal Republic of Nigeria (as amended),” Olatunji stated.

Key Focus Areas of the NDP Act GAID

The NDP Act GAID introduces comprehensive technical and organizational measures to ensure data controllers and processors adhere to the highest standards of privacy protection. The directive covers 13 key areas, including:

ADVERTISEMENT

• Data Protection Principles & Lawful Bases for Processing – Ensuring compliance with fundamental privacy rights.
• Data Subjects’ Rights – Strengthening individuals’ control over their personal data.
• Cross-Border Data Transfer Regulations – Establishing safeguards for international data flows.
• Data Privacy Impact Assessments – Mandating risk evaluation for high-impact data processing activities.
• Data Ethics & Artificial Intelligence (AI) Governance – Addressing ethical considerations in AI-driven data processing.
• Training & Certification of Data Protection Officers (DPOs) – Enhancing industry expertise and professional accountability.
• Benchmarking with Global Best Practices – Aligning Nigeria’s framework with international data protection regulations.
• Standardized Grievance Redress Mechanism – Providing streamlined dispute resolution processes.

Empowering Nigerians: A New Era for Data Protection Enforcement

A key highlight of the NDP Act GAID is its democratization of the privacy breach remediation process, ensuring data subjects can seek redress without bureaucratic bottlenecks.

“We have introduced the Standard Notice to Address Grievance (SNAG), which allows over 230 million Nigerians to demand remedial action directly from data controllers and processors without first lodging complaints with the Commission,” Olatunji announced.

This initiative, supported by automation and digital accessibility, ensures that Nigerians, regardless of location, can easily access the SNAG system to hold organizations accountable for data breaches.

Implementation Timeline & Stakeholder Engagement

In line with the Federal Government’s policy on an Enabling Business Environment, the full implementation of the NDP Act GAID will commence in September 2025, providing a six-month transition period for organizations to comply. Additionally, all provisions related to fees will take effect from January 2026.

The NDPC has pledged to issue guidance notices, advisories, and capacity-building programs to assist organizations in compliance efforts.

“We are committed to a collaborative regulatory approach, ensuring all stakeholders have equal opportunities while fostering economic growth through responsible data governance,” Olatunji added.

Nigeria’s Data Protection Strategy: A Global Benchmark

With the introduction of NDP Act GAID, Nigeria is reinforcing its position as a leader in data protection across Africa, aligning its policies with frameworks such as:

ADVERTISEMENT

• European Union’s General Data Protection Regulation (GDPR)
• African Union Convention on Cybersecurity and Personal Data Protection
• Global best practices in data privacy, ethics, and digital rights

By implementing stronger oversight mechanisms, promoting AI and data ethics, and ensuring cross-border data compliance, Nigeria is setting a new standard for digital privacy governance.

A New Era of Data Protection Enforcement

The passage of the NDP Act GAID marks a new era of data protection enforcement in Nigeria, with a clear focus on:

• Protecting citizens’ privacy rights in an increasingly digital world.
• Holding organizations accountable through structured compliance audits.
• Strengthening Nigeria’s global reputation as a data protection leader.

As organizations prepare for the September 2025 compliance deadline, the NDPC urges all stakeholders to embrace the new regulatory framework. Organisations must ensure a secure, ethical, and privacy-centric digital ecosystem for all Nigerians.