Abstract/Summary

In the past two decades, the unprecedented incursion of technology into the economic and socio-cultural activities in Nigeria increasingly posed many unanswered questions on data protection and privacy. Consequently, this led to the country’s numerous attempts to enact a principal data protection legislation in addition to the existing sectoral laws on the subject. Despite its ratification of the Economic Community of West African States (ECOWAS) Supplementary Act on data protection in 2010, Nigeria carried on without a general data protection legislation until nine years later when the National Information Technology Development Agency (NITDA), in a face-saving regulatory move, issued the Nigeria Data Protection Regulation (NDPR) as Nigeria’s first all-encompassing and comprehensive, albeit subsidiary legislation on data protection. This article provides an analytical synopsis of Nigeria’s current legal framework on data protection touching its brief history, the general and sectoral enactments on data protection, the enforcement mechanism created under the NDPR as well as the Implementation Framework issued in the mould of guidance notes.