Nigeria: Data Protection Commission adopted General Application and Implementation Directive (NDPC/NDP ACT-GAID/01/2025) including data protection authority governance

On 20 March 2025, the Nigeria Data Protection Commission (NDPC) adopted the Nigeria Data Protection Act (NDP Act) 2023 General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025), which defines the NDPC’s regulatory powers. The directive outlines the Commission’s responsibilities, including issuing guidelines, conducting compliance audits, and enforcing penalties under Sections 5, 6, and 62 of the NDP Act. It also establishes procedures for cooperation with public authorities and sectoral regulators under Article 4 of the GAID.