Insights

  • Home
  • Insights
  • Nigeria Launches Investigations into Noncompliance with Nigeria Data Protection Act 2023

Share

NigeriaLaunchofInvestigationsforNonComplianc

Nigeria Launches Investigations into Noncompliance with Nigeria Data Protection Act 2023

The Nigeria Data Protection Act 2023 ("NDP Act") seeks to safeguard the fundamental rights, freedoms, and interests of data subjects as enshrined under the Constitution of the Federal Republic of Nigeria.

August 27, 2025 Alert

The Nigeria Data Protection Commission ("NDPC" or "Commission"), in a statement signed by Babatunde Bamigboye, Head of the Enforcement and Regulations Department at the NCPC, said that the Commission, in line with Sections 5(i), 6(a), 6(c), 46(3), and 47(1)-(2) of the NDP Act, has issued compliance notices to certain organizations listed in the schedule of its notice. 

The list of these organizations is available. It targets 1,368 organizations, including financial institutions (795), insurance companies (35), insurance brokers (392), gaming companies (136), and pension companies (10).  

These organizations are required to provide: 

  • Evidence of filing NDP Act Compliance Audit Returns for 2024 (S.6(d) of the NDP Act); 
  • Evidence of designation or appointment of a data protection officer, including name and contact details; 
  • Summary of technical and organizational measures for data protection within the organization; and 
  • Evidence of registration as a data controller or processor of major importance, within 21 days of issuance. 

Failure to comply with the compliance notice may result in enforcement actions, including the issuance of an enforcement order, administrative fines, and/or criminal prosecution in accordance with the NDP Act. 

Other companies acting in Nigeria, outside the listed sectors, are also advised to review their data governance practices in light of the NDPC's enforcement posture.

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
You May Also Be Interested In

Firm Hosted

2025 Public Company Speaker Series

August 13, 2025 Commentary

European Parliament's New Study on Generative AI and Copyright Calls for Overhaul of Opt-Out Regime

August 11, 2025 Alert

New White House Report Outlines U.S. Policy for Digital Assets

August 06, 2025 Commentary

EU AI Act: European Commission Publishes General-Purpose AI Code of Practice

Before sending, please note:

Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.