The President of Nigeria, Bola Ahmed Tinubu, has officially approved and enacted the Nigeria Data Protection Bill of 2023.
The Nigeria Data Protection Act of 2023 serves as a legal framework that safeguards individuals’ personal information and regulates the practice of data protection within the country.
During the NDPD Strategic Roadmap and Action Plan (SRAP) validation workshop held in Abuja, the capital city of Nigeria, Dr. Vincent Olatunji, the National Commissioner of the Nigeria Data Protection Bureau (NDPB), revealed this significant development.
Former President Muhammadu Buhari submitted a letter to the Senate and House of Representatives on Tuesday, April 4, 2023, to propose the bill for examination and approval.
Following its journey through the legislative process, the bill has now transformed into an Act, effectively establishing the Nigeria Data Protection Commission. This newly established commission replaces the previously existing Nigeria Data Protection Bureau (NDPB), which President Buhari established back in February 2022.
The primary responsibility of the commission will be placed in the hands of a National Commissioner, who will oversee the regulation of personal information processing.
This recent development in Nigeria marks a significant milestone in the country’s efforts to fortify data protection measures. With the implementation of the Nigeria Data Protection Act, individuals’ personal information will receive legal protection, thereby ensuring their privacy and security.
By creating a dedicated commission for data protection, the Nigerian government aims to enhance the effectiveness and efficiency of data protection practices within the country. The commission will have the authority to enforce data protection regulations and impose penalties for non-compliance, thereby fostering a culture of responsible data handling among individuals, organizations, and institutions.
Furthermore, the Nigeria Data Protection Act aligns with international standards and best practices in data protection. This adherence to global norms emphasizes Nigeria’s commitment to safeguarding personal information and promoting trust and confidence in the digital ecosystem.
In addition to establishing the Nigeria Data Protection Commission, the Act outlines specific provisions and obligations for data controllers and data processors. These provisions dictate the responsibilities and liabilities associated with handling personal information, ensuring transparency, accountability, and consent from data subjects.
Moreover, the Act empowers individuals to exercise their rights regarding their personal data. Individuals now have the right to access, rectify, erase, and restrict the processing of their personal information. They can also object to processing activities and request the portability of their data.
The Nigeria Data Protection Act also emphasizes the importance of data security measures. It requires data controllers and processors to implement appropriate technical and organizational measures to safeguard personal information from unauthorized access, loss, alteration, or disclosure.
To ensure compliance and adherence to the Act, the Nigeria Data Protection Commission will carry out regular audits, inspections, and investigations. This proactive approach will help identify any potential data protection risks or breaches, allowing timely intervention and corrective measures.
Overall, the enactment of the Nigeria Data Protection Act of 2023 signifies a crucial step forward in Nigeria’s data protection landscape. By establishing a comprehensive legal framework and dedicated regulatory authority, the country aims to enhance personal data protection, promote responsible data handling, and foster trust in the digital environment.
