The NDPC enforces Nigeria's Data Protection Act, 2023. It investigates data breaches, unauthorised sharing of personal data, and can fine organisations up to 2% of their global annual turnover or ₦10 million.
The Nigeria Data Protection Commission is established under the Nigeria Data Protection Act, 2023 (NDPA). It replaced the defunct National Information Technology Development Agency (NITDA) as the primary data protection regulator. The NDPA grants individuals rights: to access their personal data; to correct inaccurate data; to object to processing; to erasure (right to be forgotten); and to data portability. Organisations processing personal data must register with the NDPC, maintain records of processing, appoint a Data Protection Officer (for large-scale processing), and notify individuals and the NDPC of data breaches within 72 hours. Penalties for violations: up to ₦10 million or 2% of annual gross revenue (whichever is higher) for most breaches; up to ₦50 million or 4% for serious violations. To file a complaint: contact the NDPC via ndpc.gov.ng, by email, or by visiting any NDPC office. You can also write directly to the organisation exercising your rights before escalating.
A borrower's phone contacts are harvested and called by a loan app to shame them into repayment. The borrower files a complaint with the NDPC. The app violates the NDPA (no consent, unfair processing) and faces fines and mandatory deletion of harvested contacts.
The Advocate covers Nigerian law and Scripture — 389 real scenarios across 7 countries with exact rebuttals and law references. Free to start.
Explore Nigerian Rights — Free