Guess what? Nigeria has passed its Data Protection Act after almost 20 years of waiting! This new law is a big deal because it’ll bring some order to Nigeria’s messy data protection rules, and there are hopes that it’ll generate over 16 billion naira for Nigeria in the data business

It’s an upgrade from the Nigeria Data Protection Regulation (NDPR) from four years ago, but this time, it’s got all the cool stuff that was missing before, like fairness, transparency, and accountability.

Big English. But what does this mean for you?

The Act protects your privacy and your child’s (if you have one). It says that companies have to check your age and let you know when they’re collecting your data, especially if they do it in sneaky ways. Plus, it gives you a bunch of rights over your data, like the power to say “no” to companies using it for things you don’t want.

This could mean you are not getting random SMS or emails from people you didn’t permit to reach you.

Oh, and remember the Nigeria Data Protection Bureau? If you don’t, they’re like the Police of data protection, ensuring everyone follows the law.

Well, there was some drama about whether it was legit or not. But no worries; the Act has now made it all official and legal, so no more questioning its authority.

Now, for this law to actually work, Citizen reached out to Data Protection experts Victoria Oloni and Ridwan Oloyede on what the Nigeria Data Protection Commission (NDPC) must do to step up and take meaningful action. These are their top 10 recommendations:

  1. Clear things up: The NDPC should explain how the old NDPR fits into the new Act. They need to guide businesses on what they’re supposed to do during the transition. Like, what audits do they need? And which countries are okay with data transfers? Just spell it out so nobody gets confused.
  2. Make it simple
    : The Commission should release a regulation explaining all the Act’s complicated parts. People need clear instructions on how to follow the law, especially when sending data outside of Nigeria. And they better not take forever to do it because we need those rules ASAP!
  3. Give us tips: The NDPC should write guidelines on different topics covered by the Act. Like, how do you do a data protection impact assessment? What about privacy at work or using “fancy” technology like AI? They must cover all the important stuff so everybody knows how to play by the rules.
  4. Help us help ourselves: The Commission should create self-assessment tools that allow companies and stakeholders to check if they are following the Act’s specifications. It’s like a checklist to see if they’re doing things right. It’s a win-win because companies can fix their mistakes, and the Commission can focus on the real troublemakers.
  5. FAQs for the win: Since there will be many questions during this transition, the NDPC should make an FAQ document. Just a simple list of answers to common questions so we can all get the basics without having to call them every five minutes.
  6. Get the dream team: The Commission should hire and train many smart people with various skills. They need tech-savvy folks who understand things like cybersecurity and AI. It can’t just be a bunch of lawyers in suits. We need a diverse team that knows what’s up in the digital world.
  7. Be open and honest: The NDPC should be transparent about investigating and making decisions. We want to know what’s happening and how they handle complaints. They could even set up a system where we can track our complaints and see what’s happening. That would be awesome!
  8. Let’s all talk: The Commission should involve everybody in the process, even those who disagree with them. They should listen to different perspectives and not just do their own thing. Civil society, academics, and experts should all have a say because we’re all in this together.
  9. Global Gang: The NDPC should team up with other countries and international organisations to boost Nigeria’s data protection game. They should join cool groups like the Global Privacy Assembly and learn from other African data protection authorities. We want Nigeria to be a global player in this stuff!
  10. Research is key: The Commission should support research on data protection. They should work with universities and private organisations to stay ahead of the game. They need to understand new technologies and their impact on us to make smart decisions and not be clueless.

So, there you have it! The NDPC has a lot on their plate, but Nigeria’s data protection game will be on fire if they get these things right. Let’s hope they make it happen and protect our privacy like champs!



Zikoko amplifies African youth culture by curating and creating smart and joyful content for young Africans and the world.