Nigeria: Data Protection Commission's General Application and Implementation Directive including registration as a data controller or data processor of major importance requirement (NDPC/NDP ACT-GAID/01/2025) enters into force

Data Protection Commission's General Application and Implementation Directive including registration as a data controller or data processor of major importance requirement (NDPC/NDP ACT-GAID/01/2025) enters into force

On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025) under the Nigeria Data Protection Act (NDP Act) 2023 enters into force, mandating registra…

Scope

Policy Area

Authorisation, registration and licensing

Policy Instrument

Business registration requirement

Regulated Economic Activity

infrastructure provider: internet and telecom services, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2025-03-20

adopted

On 20 March 2025, the Nigeria Data Protection Commission (NDPC) adopted the Nigeria Data Protection…

2025-09-19

in force

On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Imple…

Description

Data Protection Commission's General Application and Implementation Directive including registration as a data controller or data processor of major importance requirement (NDPC/NDP ACT-GAID/01/2025) enters into force

Scope

Complete timeline of this policy change