There is growing technological advancement and a continuous shift from manual to digital processes across various sectors globally. This trend has necessitated promulgation of data protection legislation by governments across the world. These legislation are aimed at regulating the collection, collation, storage and processing of personal data by private, public and government entities, as well as safeguarding information of individuals obtained through such digital processes. Nigeria has lagged behind in the development of a regulatory framework for data protection, as there has been a dearth of data protection laws in the country. Hitherto, the void created by the lack of data protection laws was filled, albeit inadequately by the Constitution of the Federal Republic of Nigeria, 1999 (as amended) (the “Constitution”). Aggrieved persons sought refuge in Section 37 of the Constitution which guarantees the privacy of citizens, their homes, correspondences, telephone conversations and telegraphic materials. In addition, certain sectors (such as telecommunications and banking) have issued specific guidelines and regulations governing data protection.
In light of the foregoing, there was a clamour by various stakeholders for the development of an efficient data protection regime in Nigeria, in line with global standards. In response, on the 25th of January 2019, the National Information Technology Development Agency (“NITDA”/ the “Agency”) which is the primary regulatory authority responsible for the administration of electronic governance and monitoring of the use of electronic data and other forms of electronic communication transactions, issued the Nigerian Data Protection Regulation 2019 (the “Regulation”). The Regulation, which to date is the most comprehensive generally applicable legislation on data protection in Nigeria prescribes the minimum data protection requirement for the collection, storage, processing, management, operation and technical control of personal data in Nigeria.