The National Information Technology Development Agency (NITDA) published a notice of the commencement of the full implementation of the Nigeria Data Protection Regulations 2018 (“the Notice”) on 16 May 2019. The Nigeria Data Protection Regulations (“the Regulations”) regulates the rights of Nigerians to data privacy mandates stricter control of the use, storage, processing and exchange of personal data and cross border transfer of personal data of Nigerian citizens.
Pursuant to the Notice, the full implementation of the Regulations commenced on the 25th of April 2019.
The Notice reiterates the penalty for breaching the Regulations which include:
a. A fine of the greater of 2% of annual gross revenue of the preceding year or the sum of 10 million naira, where the defaulter is a data controller dealing with more than ten thousand data subjects and;
b. A fine of the greater of 1% of annual gross revenue of the preceding year or the sum of 2 million naira, where the defaulter is a data controller dealing with less than 10,000 data subjects.
