Nigeria: Nigeria Data Protection Commission adopted General Application and Implementation Directive 2025 including cross-border data transfer regulation
Description
Nigeria Data Protection Commission adopted General Application and Implementation Directive 2025 including cross-border data transfer regulation
On 20 March 2025, the Nigeria Data Protection Commission (NDPC) adopted the Nigeria Data Protection Act (NDP Act) 2023 General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025), which regulates cross-border data transfers. The directive permits transfers only under conditions such as adequacy decisions, approved transfer instruments, or other lawful bases under Sections 41–43 of the NDP Act. Schedule 5 provides guidance on assessing foreign jurisdictions for adequacy, ensuring compliance with Nigerian data protection standards.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority
Complete timeline of this policy change
Hide details
2024-05-31
under deliberation
2025-03-20
adopted