Skip to main content
NOPE
In Effect Law Data Protection

Nigeria NDPA

Nigeria Data Protection Act 2023

Nigeria's comprehensive data protection law. Section 37 restricts automated decisions. Age of consent 13+ with "where feasible" verification. 72-hour breach notification.

Jurisdiction

Nigeria

Enacted

Jun 12, 2023

Effective

Jun 12, 2023

Enforcement

Nigeria Data Protection Commission (NDPC)

NDPC

Why It Matters

Largest African population (~220M). "Where feasible" age verification signals regulatory expectation.

At a Glance

Who Must Comply

  • Data controllers/processors in Nigeria
  • Foreign entities processing Nigerian residents' data

Obligations fall on:

Safety Provisions

  • Section 37: Restrictions on solely automated decisions; right to human intervention
  • Section 30: Sensitive data (health, children) requires explicit consent
  • Section 31: Children's data requires parental consent; age 13+ with verification "where feasible"
  • Section 40: 72-hour breach notification to NDPC
  • Section 43: DPIA for high-risk processing

Compliance & Enforcement

Penalties

NGN 10M or 2% revenue (whichever higher)

View on map

Nigeria

Focus Areas

Mental health & crisis
Child safety
Algorithmic accountability
Active safeguards required

Cite This

APA

Nigeria. (2023). Nigeria Data Protection Act 2023.

Related Regulations

In Effect ZM

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW

Rwanda AI Policy

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

Proposed KE

Kenya AI Bill

First comprehensive AI bill in Sub-Saharan Africa. Proposes creation of AI Commissioner, AI Authority, and Advisory Committee. Establishes risk-based regulatory model aligned with EU AI Act framework, criminalizes harmful deepfakes, and mandates AI content labeling.

In Effect US

White House AI Legislative Framework

Non-binding White House framework outlining seven legislative pillars for Congress, including child safety protections, federal preemption of state AI laws, liability limitations for AI developers, intellectual property protections, free speech safeguards, AI infrastructure investment, and workforce development. Calls for a unified national standard superseding state AI regulations while preserving state child safety, consumer protection, and anti-fraud laws.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.