On the heels of the EU Data Protection Regulations 2018 (GDPR), the National Information Technology Development Agency (NITDA) issued the Nigerian Data Protection Regulation (NDPR) in 2019 on the use and protection of personal data of Nigerians.
While this was a commendable step for the NITDA, there are conflicting positions as to the efficacy and enforceability of the NDPR considering that it is not an Act of the National Assembly and the NDPR is limited in form and scope to adequately protect the personal data of Nigerians. This has led to a clamour for a single data protection Act just like other countries.
There is currently a draft Data Protection Bill 2020 before the National Assembly, which will replace the NDPR if passed into law. The objective of the Bill is to create a regulatory framework for the protection and processing of personal data and to safeguard the rights and freedoms of data subjects which are guaranteed under the Nigerian Constitution.