The Nigerian Data Protection Law

The Nigerian Data Protection Law

September 17, 2019

The oxford dictionary defines data protection as legal control over access to and use of data stored in computers.

Giving our computerized generation today, data security is fundamental.

Data protection is the process of protecting sensitive data such as prevention from identity theft, safeguard of privacy, safe from loss and every unauthorised access.

In a bid to protect data in Nigeria, as a result of the increasing rate of data usage in the country, the government passed the new law “Nigeria Data Protection Regulation (NITDA)2019”. This contains principles that all Government and its agencies, organisations, company and businesses must uphold in order to protect a person’s personal data. This is inclusive of anybody in Nigeria or abroad who is a citizen of Nigeria.

Personal Data in Nigeria may be collected for the following reasons;

  1. Scientific, historical research or statistical purposes.
  2. To archive(store)
  3. Public interest.
  4. Reasons that don’t affect the dignity of a human person

The Law charges the data collector with the responsibility of protecting the data collected by protecting it for harm such as data theft and such person would be responsible for any wrongful action done with another’s data while in their possession. A data collector is also prohibited from transferring such data to a third party.

In spite of the above, data can be legally collected and processed in any of the following ways;

  1. Where the third party has given consent to use the personal data.
  2. For the performance of a contract where the third party is a party.
  3. In compliance with legal obligations
  4. To protect the vital interest of the third party.
  5. For public interest.

The Data subject must be aware of the specific reason for which the data is being collected and it must not be collected through fraud, coercion and undue influence.

The law strictly requires the data controller to add a privacy policy when it is processing Data. It also states that anyone processing data must take security measures to protect the data.

What is the effect of the Data protection law?

The law strictly prohibits any one whether a corporate organisation or non-governmental organisation from transferring a person’s data,  whether it’s their staff on or not to a third party except the data is processed or used in line with any of the above or unless it involves any of the exceptions. Selling of another person’s personal data or transferring of another person’s data without permission is illegal.

The law also strongly condemns the use of personal Data for illicit activities or for something that is against the dignity of human persons.

It provides that data should be used cautiously and personal data privacy secured against attacks such as data theft.


The consequences of the breach of data privacy rights by this regulation is;

(a) Where the data company or person is dealing with over 10, 000 data, they shall pay a fine of 2% of Annual Gross Revenue of the next year or the sum of N10, 000, 000 (Ten Million Naira) whichever is greater.

(b) Where the data company or person is dealing with less than10, 000 data, they shall pay a fine of 1% of Annual Gross Revenue of the next year or the sum of N2, 000, 000 (Two Million Naira) whichever is greater.

This is exclusive of any criminal action that might be brought against them.




The information in this blog post (“post”) is provided for general informational purposes only, no information contained in this post should be construed as legal advice, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through this post without seeking the appropriate legal or professional advice from the particular facts and circumstances at issue from a lawyer. This post is protected by intellectual property law and regulations. It may however be shared using appropriate sharing tools provided that our authorship is always acknowledged and this Disclaimer Notice attached

More Articles


Connect With Us

Got any questions?

If you are having any questions, please feel free to ask.

Send us an email

Frequently Asked

  • Why must I file Annual Returns?

    It is a mandatory statutory requirement under the Companies and Allied Matters Act to file Annual Returns yearly. 

  • What is the first thing I must do to register a business in Nigeria?

    To register a business in Nigeria; you would need to conduct a name search of the business. You can achieve this using your CAC-CRP account.

  • What is a testimonium clause in an agreement?

    This is the part of the agreement where the witness attests to have witnessed the execution of the agreement.

  • What are the benefits of Registering with SON?
    1. Product traceability in the Nigerian market
    2. Detection of counterfeit products
    3. Barriers to the circulation of substandard goods
    4. The official SON Product Registration Logo and number are displayed on registered products.
  • Is it legal to transfer the personal data you obtained legally to another person?

    No, its not legal. This is because the law prohibits anyone from transferring the data of a third party to another person without consent from the third party to do same even if the data was rightfully obtained in the first instance.

  • What is the difference between licensing and assigning a patent?

    Licensing a patent means granting permission to another individual or organisation to make, use as well as sell the creation that has been protected by patent.

    A patent assignment on the other hand, is a finished exchange of patent rights starting with one individual then onto another person.

  • Is there a penalty for late renewal of registration of products with NAFDAC?

    Yes, there is a late renewal fee, which is dependent on the category of the product.

  • Why do i need a Shareholders Agreement?

    You need a Shareholders Agreement to protect your investment in a company.  The shareholders Agreement establishes a fair relationship between all shareholders and sets out how the company is run.

  • What is a trademark?

    A trademark can be any word, sign, symbol or graphic that you apply to your company, goods or services to distinguish them from those of your competitors; for example, a brand, product or company name, or logo. The trademark serves as a badge of origin for your business and its brands and products, and can consist of words, logos, slogans, colours and shapes, or a combination of all of these.

Call Us Now on +234 901 719 0079 Chat on WhatsApp