Nigeria: Data Protection Commission's General Application and Implementation Directive including cross-border data transfer regulation (NDPC/NDP ACT-GAID/01/2025) enters into force

Data Protection Commission's General Application and Implementation Directive including cross-border data transfer regulation (NDPC/NDP ACT-GAID/01/2025) enters into force

On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025) under the Nigeria Data Protection Act (NDP Act) 2023 enters into force, regulating cross-border data transfers. The directive permits transfers only under conditions such as adequacy decisions, approved transfer instruments, or other lawful bases under Sections 41–43 of the NDP Act. Schedule 5 provides guidance on assessing foreign jurisdictions for adequacy, ensuring compliance with Nigerian data protection standards.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cross-border data transfer regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2024-05-31

under deliberation

On 31 May 2024, the Nigeria Data Protection Commission (NDPC) published the draft Nigeria Data Prot…

2025-03-20

adopted

On 20 March 2025, the Nigeria Data Protection Commission (NDPC) adopted the Nigeria Data Protection…

2025-09-19

in force

On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Imple…

Description

Data Protection Commission's General Application and Implementation Directive including cross-border data transfer regulation (NDPC/NDP ACT-GAID/01/2025) enters into force

Scope

Complete timeline of this policy change