In March 2025, the Nigeria Data Protection Commission (“NDPC”) issued the Nigeria Data Protection Act (“NDPA”) General Application and Implementation Directive, 2025 (“GAID”). The GAID officially takes effect from 19 September 2025 marking a new phase in Nigeria’s data protection implementation regime. It is important to note that with the issuance of the GAID, the Nigeria Data Protection Regulation, 2019 (“NDPR”) and consequently, the NDPR Implementation Framework, 2020 will no longer be applicable as data protection regulatory instruments in Nigeria.
The GAID provides guidance on the application of the NDPA for the protection of data subjects privacy rights and provides clarification and expands on certain provisions of the NDPA. Notably, the GAID has introduced certain new provisions and additional obligations for data controllers and processors, including:
- a revised threshold for Compliance Audit Returns (“CAR”) Filing and new CAR filing fees;
- mandatory requirements to be met before deploying Emerging Technologies such as: Artificial Intelligence, Blockchain and Internet of Things
- credential assessment and certification of Data Protection Officers (“DPOs”);
- clearer guidance on the designation, roles, and responsibilities of DPOs;
- a standardised template for conducting Data Privacy Impact Assessments;
- requirements to be complied with before relying on legitimate interest as a lawful basis for processing personal data etc.
With the GAID now in force, the NDPC is expected to commence active monitoring and enforcement to ensure compliance. Data controllers and processors should promptly review and update their data protection policies and practices in line with the new requirements. Assessments and audits should also be carried out to identify gaps and implement remedial measures without delay.
AELEX provides Data Protection Officer and Data Protection Compliance Organisation services, as well as general advisory on data protection and privacy. We assist organisations with data protection audits, policy reviews, compliance implementation, and ongoing support to help them meet their obligations under the NDPA and GAID.
--
Read the original publication at ǼLEX
