Nigeria: Data Protection Commission adopted General Application and Implementation Directive including data protection regulation (NDPC/NDP ACT-GAID/01/2025)

On 20 March 2025, the Nigeria Data Protection Commission (NDPC) adopted the Nigeria Data Protection Act (NDP Act) 2023 General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025), which establishes rules for the processing of personal data. The directive outlines the rights of data subjects, including access, rectification, and erasure, and imposes obligations on data controllers and processors to ensure lawful, fair, and transparent processing. It mandates compliance with principles such as purpose limitation, data minimisation, and accountability, as stipulated in Sections 24–27 of the NDP Act.