Digital Policy Alert logo

Nigeria: Implemented Data Protection Act, 2023 (Act No. 37) including cybersecurity regulation

Policy overview

Description

Implemented Data Protection Act, 2023 (Act No. 37) including cybersecurity regulation

On 12 June 2023, the Data Protection Act, 2023 (Act No. 37), which outlines cybersecurity obligations, entered into force. The Act requires data controllers and processors to implement cybersecurity measures proportionate to the amount and type of personal data being processed and the manner of processing. The Act requires data controllers and processors to notify the Nigeria Data Protection Commission and affected data subjects of relevant breaches.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2023-02-25
under deliberation

On 25 February 2023, the Nigerian Federal Executive Council (FEC) approved the Nigeria Data Protect…

2023-05-24
adopted

On 24 May 2023, the House of Representatives adopted the Data Protection Bill, including cybersecur…

2023-06-12
in force

On 12 June 2023, the Data Protection Act, 2023 (Act No. 37), which outlines cybersecurity obligatio…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.