The NDPR, Reinforcing Data Privacy Rights in Nigeria

November 11, 2021 | 5 minutes read
The NDPR, Reinforcing Data Privacy Rights in Nigeria

The Nigerian Data Protection Regulation, 2019, also known as the NDPR for short is a data protection law that was recently passed in Nigeria in 2019. In a similar vein to the European Union’s wide-reaching General Data Protection Regulation or GDPR, the NDPR lays out the legal framework that data controllers and processors are required to follow when processing personal data. The NDPR was issued by Nigeria’s National Information Technology Development Agency or NITDA for short for the purposes of reinforcing the right to privacy afforded to Nigerian citizens under the Constitution. As such, the NDPR guarantees Nigerian citizens a multitude of rights as it pertains to the protection of their personal data.

How are data controllers and processors defined under the NDPR?

Under the NDPR, a data controller is defined as “A person who either alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes for and the manner in which personal data is processed or is to be processed”. Alternatively, a data processor is defined as “the natural or legal person, public authority, service, commission or any other body which, alone or jointly with others processes personal data on behalf of the data controller”. In terms of the scope and application of the NDPR, the personal scope of the law applies to any individual or entity that collects, processes, stores, uses, or shares the personal data of Nigerian citizens.

Conversely, the territorial scope of the NDPR is applicable to all Nigerian citizens, whether they physically reside within the country or elsewhere. Furthermore, the material scope of the law applies to all forms of personal data that are processed within Nigeria. However, there are some exceptions to this, such as personal data that is processed for the purposes of public safety, morality, security, or interests, as well as data processing that could be used to prevent the detection of a crime or the apprehension or prosecution of an offender within Nigeria. Personal data processing used in the context of the publication of literary or artistic works and materials is also exempt from the provisions of the NDPR.

What are the obligations of data controllers and processors under the NDPR?

Much like the EU’s GDPR law, the NDPR sets forth the following data protection principles that data controllers and processors within Nigeria are required to abide by at all times:

What are the rights of Nigerian citizens under the NDPR?

Under the NDPR, Nigerian citizens are entitled to the following rights as it pertains to their personal privacy and data protection:

What are the penalties for noncompliance under the NDPR?

In terms of the penalties related to non-compliance, the NDPR is enforced through section 2.10 of the law as opposed to a single governing body or data authority. As such, data controllers and processors who violate the law are subject to the following penalties:

Although the Constitution of Nigeria does provide Nigerian citizens with the right to privacy, the NDPR serves as a means to reinforce these rights in a more modern context. As such, the NDPR outlines the obligations that data controllers and processors have as it relates to data processing activities, as well as the punishments that can be imposed as a result of failing to comply with the law. As the EU’s GDPR law continues to influence other privacy legislation around the world, laws such as the NDPR was only sure to become more prominent and widespread. More importantly, however, the NDPR provides comprehensive data protection to Nigerian citizens.

Related Reads

Anyone doing business in or with the EU's 27 member states must take redaction seriously or possibly face million euro fines.
June 20, 2024 | 5 minutes read
The EU’s GDPR And How To Best Comply In 2024

What is the GDPR? How do you comply? With CaseGuard Studio, the all-in-one redaction solution, sensitive data redaction is made simple with powerful AI tools.

Learn More »
Two police officers on motor cycles watching people use a cross walk in the UK.
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Doctor in green scrubs looking at multiple computer screens with sensitive medical information on them
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
healthcare worker
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
surveillance-cameras
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
Dark room with an investigator standing behind suspect
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »