Nigeria: Data Protection Commission's General Application and Implementation Directive including data protection regulation (NDPC/NDP ACT-GAID/01/2025) enters into force
Description
Data Protection Commission's General Application and Implementation Directive including data protection regulation (NDPC/NDP ACT-GAID/01/2025) enters into force
On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025) under the Nigeria Data Protection Act (NDP Act) 2023 enters into force, establishing rules for the processing of personal data. The directive outlines the rights of data subjects, including access, rectification, and erasure, and imposes obligations on data controllers and processors to ensure lawful, fair, and transparent processing. It mandates compliance with principles such as purpose limitation, data minimisation, and accountability, as stipulated in Sections 24–27 of the NDP Act.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority
Complete timeline of this policy change
Hide details
2024-05-31
under deliberation
2025-03-20
adopted