News & Events



Another highlight of the Nigeria Data Protection Act (“NDPA” or the “Act”) is the establishment of a principal statutory authority known as the Nigeria Data Protection Commission (“NDPC” or the “Commission”). Recall that its predecessor, the Nigeria Data Protection Bureau (“NDPB”) was carved out from the National Information Technology Development Agency (NITDA) in 2022 as a regulatory body with no enabling act. The Commission has now replaced the NDPB as the apex regulator of data protection-related matters in Nigeria. In the ensuing paragraphs, we have examined the transition of the Commission from the NDPB, its structure, powers, functions, and the importance of this to businesses.

From the Nigeria Data Protection Bureau to the Nigeria Data Protection Commission

As noted above, prior to the enactment of the Act, data protection regulation was mainly carried out by the NITDA. However, on January 13, 2022, the Honourable Minister of Communications and Digital Economy was reported to have advised the president of Nigeria of “an urgent need to establish an institution that will focus on data protection and privacy for the country”. This ultimately led to the creation of the NDPB which began operations on February 4, 2022, as an offshoot of NITDA.

The NDPA upon enactment transformed the NDPB to the Commission, the Act transfers and vests all the rights, powers, remedies, documentation, and personnel of the NDPB to the NDPC. Additionally, the Act provides that all orders, rules, and regulations that were made or issued by NITDA or the NDPB shall continue in effect as if they were made or issued by the Commission until they expire, are repealed, or replaced.

Privacy Please – Download Full Publication Here