DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

πŸ‡³πŸ‡¬ Sub-Saharan Africa

Cookie consent in Nigeria

Consent and privacy law in Nigeria

In short
Nigeria enacted the Nigeria Data Protection Act in 2023, creating the NDPC as a statutory regulator and building on the earlier NDPR regulation of 2019. The Act follows GDPR-style principles with lawful bases, data subject rights, and breach notification. A distinctive feature is the category of data controllers and processors of major importance, which face heavier obligations including registration and, for the most serious breaches, fines up to 10 million naira or 2 percent of annual gross revenue. The Act also continues the practice of requiring data protection compliance organisations to support audits. Consent must be freely given, specific, and informed. Notices in English are common.
Authority
Nigeria Data Protection Commission (NDPC)
Status

Nigeria Data Protection Act 2023, building on the earlier NDPR of 2019

Primary law
NDPA
Languages

en

Who must comply

Data controllers and processors that process personal data of people in Nigeria, including those based abroad that process such data.

Penalties

Up to 10 million naira or 2 percent of annual gross revenue for major data controllers

Key obligations

  • Obtain freely given, specific and unambiguous consent where it is the basis
  • Provide clear notice of purpose and rights
  • Honor access, rectification, erasure and portability rights
  • Register as a data controller of major importance where required
  • Report data breaches to the commission within the set timeframe

Local guidance

  • Determine if you are a controller of major importance
  • Register with the NDPC where required
  • Use freely given, specific, and informed consent
  • Conduct compliance audits where applicable

How ConsentX helps

  • Freely given, unbundled opt-in consent capture
  • Geo-aware banner for visitors in Nigeria
  • Full rights workflow including portability
  • Consent receipts and evidence logs
  • Region rule engine tuned for Nigeria
Get started free
yoursite.com
πŸ‡³πŸ‡¬ Nigeria

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Nigeria using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Nigeria.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Nigeria requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Nigeria audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

What is a data controller of major importance in Nigeria?+

It is a category under the 2023 Act for controllers and processors that handle significant volumes or sensitive data. They face heavier obligations including registration and higher potential fines.

Which regulator enforces data protection in Nigeria?+

The Nigeria Data Protection Commission, the NDPC, is the statutory regulator created by the Nigeria Data Protection Act 2023.

Governing law

πŸ‡³πŸ‡¬ NDPA

Other countries in Sub-Saharan Africa

πŸ‡ΏπŸ‡¦ South AfricaπŸ‡°πŸ‡ͺ KenyaπŸ‡¬πŸ‡­ Ghana