Nigeria: National Information Technology Development Agency adopted Nigeria Data Protection Regulation 2019: Implementation Framework including cross-border data transfer regulation

On 17 November 2020, the National Information Technology Development Agency (NITDA) adopted Nigeria Data Protection Regulation (NDPR) 2019: Implementation Framework. According to the NDPR, for cross-border data transfers, organisations must provide detailed information, including the list of countries involved, the data protection laws of those countries, and an overview of encryption methods and data security standards. NITDA maintains a "White List" of jurisdictions with adequate data protection laws, and transfers to non-listed countries require verifiable documentation of consent or compliance with exceptions stated in the NDPR. Additionally, organisations may use Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs) for transfers within a group of companies.