Nigeria: Data Protection Commission adopted General Application and Implementation Directive (NDPC/NDP ACT-GAID/01/2025) including registration as a data controller or data processor of major importance requirement
Description
Data Protection Commission adopted General Application and Implementation Directive (NDPC/NDP ACT-GAID/01/2025) including registration as a data controller or data processor of major importance requirement
On 20 March 2025, the Nigeria Data Protection Commission (NDPC) adopted the Nigeria Data Protection Act (NDP Act) 2023 General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025), which mandates registration for data controllers and processors of major importance. Articles 8–9 and Schedule 7 classify entities into Ultra-High, Extra-High, and Ordinary-High levels, requiring annual registration and compliance audit returns (CAR) filings with prescribed fees.
Original sourceScope
Policy Area
Authorisation, registration and licensing
Policy Instrument
Business registration requirement
Regulated Economic Activity
infrastructure provider: internet and telecom services, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other
Implementation Level
national
Government Branch
executive
Government Body
data protection authority