Nigeria: Nigeria Data Protection Commission published draft General Application and Implementation Directive 2024 (NDPC/NDPA-GAID/001/2024) including cross-border data transfer regulation

On 31 May 2024, the Nigeria Data Protection Commission (NDPC) published the draft Nigeria Data Protection Act (NDPA) 2023 General Application and Implementation Directive (GAID) 2024 NDPC/NDPA-GAID/001/2024. According to the draft GAID, Data controllers and processors must assess the data protection laws and practices of the recipient country to ensure they meet the standards set by the NDPA. In cases where adequate protection is not assured, additional safeguards such as standard contractual clauses or binding corporate rules must be implemented. The NDPA also mandates notification to the NDPC for certain transfers.