Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View
Contact Us See a demo

Nigeria’s Data Protection Act, 2023

Operationalize Nigeria’s Data Protection Bill Compliance with PrivacyOps Platform

Last Updated on March 17, 2025

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

Nigeria’s Data Protection Act, 2023 (the “DPA”), enacted on June 12, 2023, provides a comprehensive legal framework for the protection of fundamental rights and freedoms of data subjects. The DPA also establishes the Nigeria Data Protection Commission (the “Commission”) to superintend over data protection and privacy issues and supervise data controllers and data processors. 

The DPA outlines several requirements for the processing of personal data, which include requiring data controllers to undertake Data Protection Impact Assessments (DPIAs) for high-risk data processing activities,  appointing a Data Protection Officer (DPO) with expert knowledge of data protection laws, and ensuring that personal data is processed in a fair, lawful, and accountable manner. 

The DPA also sets out the framework for investigations, compliance orders, enforcement orders, judicial reviews, and civil remedies related to its enforcement.

The Solution

Securiti enables organizations to comply with DPA through its solutions like AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises in their journey toward DPA compliance through automation, enhanced data visibility, and identity linking.

Nigeria Data Protection Act Compliance Solution

See how our comprehensive PrivacyOps platform helps you comply with various sections of Nigeria’s Data Protection Bill.

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.

 

Automate Fulfillment of Data Access Requests

Section: 34(1)(b)

Simplify the DSR requests format by building web forms customized for your brand image to accept verified data subject access requests. Automate the initiation of fulfillment workflows when verified data access requests are received.

Nigerian Act DSR Workbench Dashboard
Nigerian Act Data Rectify Request

Automate the Processing of Rectification Requests

Sections: 34(1)(c)

Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate Erasure Requests

Section 35(d)

Quickly fulfill data subject's erasure requests through automated and flexible workflows.

Nigerian Act data erasure request
Nigerian Act processing request

Automate Objection and Restriction of Processing Requests

Sections 35(e), 37

Build a framework for handling objections and restrictions on processing requests based on business requirements with the help of collaborative workflows.

Monitor and Track Consent

Sections: 25(1)(a), 26, 27, 30(1)(a), 31, 35

Collect data subjects’ consent across multiple channels for various purposes, track consent via a centralized dashboard, maintain updated consent records, and allow data subjects to manage their consent preferences via a centralized dashboard.

Nigerian Act Universal Consent Management
Nigeria Data Protection Bill Readiness Assessment

Assess Readiness

Sections 24, 25, 28, 29

Assess your organization's posture against the DPA’s requirements, identify the gaps, and address the risks with the help of our pre-built assessment templates. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain continued compliance.

Map Data Flows and Generate Reports

Section 41, 42, 43

Generate dynamic visual data maps to link personal data to its rightful owners, efficiently monitor cross-border traffic and other key data patterns and exchanges, and maintain updated records of data processing activities.

Nigerian Act Data Flow Mapping
Nigerian Act breach response notification

Automate Data Breach Response Notifications

Section 40

Automate compliance actions and breach notifications to concerned stakeholders in connection to security and data breach incidents by leveraging a knowledge database for incident diagnosis and response.

Manage Vendor Risk

Section 30

Keep track of privacy and security readiness for all your service providers and processors from a single interface. Instantly collaborate with these vendors, and manage all vendor contracts and compliance documents.

Nigerian Act Vendor Risk Management
Nigerian Act Cookie Consent Compliance

Automate Cookie Compliance

Sections: 26, 27, 31

Scan websites to detect and classify tracking technologies such as cookies, web beacons, and similar tracking technologies. Generate customized cookie banners as per DPA, track data subjects’ consent preferences, and maintain updated cookie consent records.

Rights of Data Subjects Under Nigeria’s Data Protection Act, 2023

A data subject is entitled to the following rights concerning the processing of their personal data:

Right to Confirmation

Data subjects have the right to obtain confirmation from the data controller, without constraint or unreasonable delay, whether a data controller or a data processor working on their behalf is storing or otherwise processing the data subject's personal data.

Right to Access Data

Data subjects have the right to access a copy of their personal data in a generally used electronic format unless doing so would result in the data controller incurring unreasonable expenses, in which case the data controller may request the data subject to cover some or all of those costs.

Right to Correction

Data subjects have the right to correction of inaccurate, out-of-date, incomplete, or misleading personal data, or erasure of such data if correction is not practical or appropriate.

Right to Erasure

Data subjects have the right to request the data controller to erase their personal data without undue delay where its retention is no longer necessary for the purposes for which it was collected or processed or the data controller has no other lawful basis for retaining it.

Right to Withdraw Consent

Data subjects have the right to withdraw their consent to the processing of personal data at any time. The data controller must ensure that withdrawal of consent is as easy as giving it.

Right to Object

Data subjects have the right to object to the processing of their personal data. The data controller must discontinue processing unless it demonstrates a public interest or other legitimate grounds, which override the fundamental rights, freedoms, and interests of the data subject.

Right Not to be Subject to Automated Processing

Data subjects have the right not to be subject to a decision based solely on the automated processing of personal data, including profiling, which produces legal or similarly significant effects concerning the data subject.

Right to Data Portability

Data subjects have the right to receive, without undue delay from the data controller, their personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to have the personal data transmitted directly from one data controller to another.

Key Facts About Nigeria’s Data Protection Act, 2023

1

A data controller shall bear the burden of proof for establishing a data subject’s consent and silence or inactivity of the data subject does not constitute consent.

2

Data controllers and data processors of major importance must register with the Commission within 6 months of the DPA’s commencement or on becoming a data controller or data processor of major importance. A ‘data controller or data processor of major importance’ in Nigeria refers to an entity domiciled, resident, or operating in Nigeria that processes or intends to process data for a large number of Nigerian data subjects (as prescribed by the Commission) or processes data vital to Nigeria's economy, society, or security (as designated by the Commission).

3

Upon discovering a personal data breach, a data controller must immediately inform the data controller or the engaging data processor, detailing the nature of the breach and providing an approximate number of affected data subjects and personal data records.

4

When a data controller identifies a personal data breach likely to harm individuals' rights, they must notify the Commission within 72 hours of becoming aware of the breach, detailing its nature and providing an approximate number of affected data subjects and personal data records.

5

A data subject aggrieved by the decision, action, or inaction of a data controller or data processor that violates the DPA, or its subsidiary legislation, may lodge a complaint with the Commission. If dissatisfied with an order of the Commission, they may seek judicial review in the appropriate court within 30 days of the order.

6

The Commission can impose fines if a data controller or processor violates the DPA or its subsidiary legislation. For data controllers or data processors of major importance, the fine can be up to the greater of NGN 10 million or 2% of their preceding financial year's annual gross revenue from Nigeria, while for other data controllers or processors, the fine can be up to the greater of NGN 2 million or 2% of their preceding financial year's annual gross revenue from Nigeria.

7

A data subject, who suffers injury, loss, or harm as a result of a violation of the DPA by a data controller or data processor, may recover damages by way of civil proceedings in the appropriate court.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
Please enter a minimum of 3 characters to begin your search.

Videos

View More

January 20, 2025

Mitigating OWASP Top 10 for LLM Applications 2025

Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...

View More

January 15, 2025

DSPM vs. CSPM – What’s the Difference?

While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...

View More

January 15, 2025

Top 6 DSPM Use Cases

With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...

View More

January 2, 2025

Colorado Privacy Act (CPA)

What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...

View More

December 24, 2024

Securiti for Copilot in SaaS

Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...

View More

November 1, 2024

Top 10 Considerations for Safely Using Unstructured Data with GenAI

A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....

View More

October 29, 2024

Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes

As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...

View More

August 12, 2024

Navigating CPRA: Key Insights for Businesses

What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...

View More

June 3, 2024

Navigating the Shift: Transitioning to PCI DSS v4.0

What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...

View More

January 29, 2024

Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)

AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 14:21

AI Governance Is Much More than Technology Risk Mitigation

AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3

You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge

Watch Now View
Spotlight 47:42

Cybersecurity – Where Leaders are Buying, Building, and Partnering

Rehan Jalil
Watch Now View
Spotlight 27:29

Building Safe AI with Databricks and Gencore

Rehan Jalil
Watch Now View
Spotlight 46:02

Building Safe Enterprise AI: A Practical Roadmap

Watch Now View
Spotlight 13:32

Ensuring Solid Governance Is Like Squeezing Jello

Watch Now View
Spotlight 40:46

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Watch Now View
Spotlight 10:05

Unstructured Data: Analytics Goldmine or a Governance Minefield?

Viral Kamdar
Watch Now View
Spotlight 21:30

Companies Cannot Grow If CISOs Don’t Allow Experimentation

Watch Now View
Spotlight 2:48

Unlocking Gen AI For Enterprise With Rehan Jalil

Rehan Jalil
Watch Now View

Latest

The ROI of Safe Enterprise AI View More

April 20, 2025

The ROI of Safe Enterprise AI: A Business Leader’s Guide

The fundamental truth of today’s competitive landscape is that businesses harnessing data through AI will outperform those that don’t. Especially with 90% of enterprise...

View More

April 14, 2025

Accelerating Safe Enterprise AI: Securiti’s Gencore AI with Databricks and Anthropic Claude

Securiti AI collaborates with the largest firms in the world who are racing to adopt and deploy safe generative AI systems, leveraging their own...

New Draft Amendments to China Cybersecurity Law View More

April 24, 2025

New Draft Amendments to China Cybersecurity Law

Gain insights into the new draft amendments to the China Cybersecurity Law (CSL). Learn more about legal responsibilities, noncompliance penalties, the significance of the...

View More

April 14, 2025

What are Data Security Controls & Its Types

Learn what are data security controls, the types of data security controls, best practices for implementing them, and how Securiti can help.

View More

April 27, 2025

Top 10 Privacy Milestones That Defined 2024

Discover the top 10 privacy milestones that defined 2024. Learn how privacy evolved in 2024, including key legislations enacted, data breaches, and AI milestones.

View More

April 16, 2025

2025 Privacy Law Updates: Key Developments You Need to Know

Download the whitepaper to discover privacy law updates in 2025 and the key developments you need to know. Learn how Securiti helps ensure swift...

Comparison of RoPA Field Requirements Across Jurisdictions View More

April 24, 2025

Comparison of RoPA Field Requirements Across Jurisdictions

Download the infographic to compare Records of Processing Activities (RoPA) field requirements across jurisdictions. Learn its importance, penalties, and how to navigate RoPA.

Navigating Kenya’s Data Protection Act View More

April 14, 2025

Navigating Kenya’s Data Protection Act: What Organizations Need To Know

Download the infographic to discover key details about navigating Kenya’s Data Protection Act and simplify your compliance journey.

Gencore AI and Amazon Bedrock View More

January 7, 2025

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

November 18, 2024

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New