The Nigeria Information Technology Development Agency (the “NITDA”), on the 25th of January 2019, issued the Nigeria Data Protection Regulation, 2019 (the “Data Protection Regulation”).
We understand based on our further interaction with the NITDA, that the Data Protection Regulation is operational from the 25th of January 2019.
The key objectives of the Data Protection Regulation include to:
- safeguard of the rights of natural persons to data privacy;
- foster safe conduct of transactions involving the exchange of personal data;
- prevent manipulation of personal data and
- ensure that Nigerian businesses remain competitive in international trade, through a just and equitable legal regulatory framework on data protection and which regulatory framework is in tune with global best practices.
The new Data Protection Regulation contains provisions regulating Data Processing (including setting down governing principles), Data Security, Rights of Data Subjects, procedure for Data Transfers and processes for implementation of the Data Protection Regulation.
The Data Protection Regulation applies to all transactions in which the personal data of natural persons resident in Nigeria, or natural persons outside Nigeria of Nigerian descent, is being processed.
All public and private organizations in Nigeria, that control data of natural persons, are required to make their respective data protection policies available to the general public within three months after the date of issuance of the Data Protection Regulation.
The issuance of the Data Protection Regulation by the NITDA is a step in the right direction, in providing the much-needed guidance on data protection in Nigeria.