Nigeria: National Information Technology Development Agency adopted Nigeria Data Protection Regulation 2019 Implementation Framework

On 17 November 2020, the National Information Technology Development Agency (NITDA) adopted the Nigeria Data Protection Regulation (NDPR) 2019: Implementation Framework. The NDPR mandates that data controllers and processors implement measures to safeguard personal data, including conducting annual data protection audits, publishing privacy policies, and appointing a Data Protection Officer (DPO) in certain cases. The NDPR emphasises transparency, consent management, and the implementation of data protection impact assessments (DPIAs) to mitigate risks associated with data processing activities. Non-compliance with the NDPR can result in administrative sanctions and potential criminal prosecution.