DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ณ๐Ÿ‡ฌ Nigeria

NDPA

Nigeria Data Protection Act 2023

In short
Nigeria's Data Protection Act establishes consent as a key lawful basis. Consent must be freely given, specific, informed and unambiguous, and it cannot be bundled or be a condition of service where not necessary.
Region

Nigeria

Status

In force since 2023

Group

Asia & Africa

Who must comply

Data controllers and processors that process personal data of people in Nigeria, including those based abroad that process such data.

Penalties

Up to the higher of NGN 10 million or 2% of annual gross revenue for data controllers of major importance, with lower amounts for others.

Key obligations

  • Obtain freely given, specific and unambiguous consent where it is the basis
  • Provide clear notice of purpose and rights
  • Honor access, rectification, erasure and portability rights
  • Register as a data controller of major importance where required
  • Report data breaches to the commission within the set timeframe

How ConsentX helps

Freely given, unbundled opt-in consent capture

Geo-aware banner for visitors in Nigeria

Full rights workflow including portability

Consent receipts and evidence logs

Region rule engine tuned for Nigeria

Get NDPA ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with NDPA using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under NDPA.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that NDPA requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a NDPA audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Nigeria's NDPA require opt-in consent?+

Where consent is the basis it must be freely given, specific, informed and unambiguous, and not bundled into other terms.

Who enforces Nigeria's NDPA?+

The Nigeria Data Protection Commission, the NDPC, supervises and enforces the Act.

Countries under NDPA

๐Ÿ‡ณ๐Ÿ‡ฌ Nigeria

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331