Nigeria has taken a major leap forward in protecting the personal data of its citizens with the rollout of a new directive under the Nigeria Data Protection Act (NDPA) 2023. The Nigeria Data Protection Commission (NDPC) unveiled the General Application and Implementation Directive (GAID) 2025, which sets out clear rules for how businesses, government agencies, and other organizations must handle Nigerians’ personal information.
What Does This Mean for Nigerians?
Stronger Data Rights: Nigerians now have the right to know what data is being collected about them, request corrections or deletions, and object to how their data is used-especially for marketing.
Clearer Rules for Companies: Any organization handling sensitive information-like banks, hospitals, and telecoms-must register with the NDPC and conduct annual audits to prove they’re protecting user data.
International Data Transfers: Your data can’t be sent abroad unless the destination country has privacy protections as strong as Nigeria’s. This move aims to prevent misuse of Nigerians’ data overseas.
Quick Complaint Resolution: A new system called SNAG ensures companies must respond to user complaints about data misuse before the NDPC steps in, giving consumers more direct power to hold organizations accountable.
Adapting to New Tech: The directive addresses modern technologies like AI and facial recognition, requiring privacy to be “built in” from the start, not treated as an afterthought.
The NDPA and its new directive aim to bring Nigeria’s data protection standards closer to global benchmarks like Europe’s GDPR, ensuring citizens’ rights are respected in the digital age.
Full implementation of the new rules begins in September 2025, with some provisions, such as those related to fees, starting in January 2026.
