Support Center

The NDPA 2023 is Nigeria's primary data protection law, signed into law on June 12, 2023. It replaces the NDPR and transforms the regulatory body into a full Commission (NDPC) with independent enforcement powers.

Penalties are severe. For "Data Controllers of Major Importance," fines can reach up to ₦10 million or 2% of their annual gross revenue. For others, it is up to ₦2 million or 2% of revenue.

Any organization that processes personal data of Nigerian citizens and falls under the category of "Major Importance" (based on volume of data or sensitivity) is legally required to register with the Commission.

The fees are tiered by category:
• UHL (Ultimate Heightened Level): ₦250,000
• EHL (Extra High Level): ₦100,000
• OHL (Ordinary Heightened Level): ₦10,000.

The NDPA grants individuals the right to be informed, the right to access their data, the right to object to processing, the right to data portability, and the right to request deletion (Right to be Forgotten).

Data subjects can withdraw consent at any time. Organizations must provide an easy, cost-free way for users to stop the processing of their personal information.

A Data Protection Compliance Organization (DPCO) is a licensed firm that helps you conduct mandatory annual audits. They act as intermediaries between your organization and the NDPC.

Under the NDPA framework, organizations are expected to conduct continuous assessments, with a formal compliance audit summary submitted to the NDPC annually.