March 23, 2026
March 23, 2026

DATA PROTECTION ACT 2023

The Nigeria Data Protection Act 2023 is the landmark legislation that provides a legal framework for the protection of personal information and the regulation of data processing in Nigeria. Signed into law on June 12, 2023, it establishes the Nigeria Data Protection Commission (NDPC) and outlines the rights of data subjects. This is the complete Nigerian Data Protection Act 2023. Searching for a section of this act has been made easy on this website.


How to use this guide:

  • Explore Sections: Click on any link in the index below to instantly view any section you are looking for.
  • Search Keywords: Use the site search bar to quickly find sections on “Consent,” “Data Breaches,”, “Cross-border Transfers,” or any other keyword you are looking for.

Have a question about a specific regulation or a suggestion for another Act? Please leave your thoughts in the comments below or contact us here!

Arrangement of Sections

PART I: OBJECTIVES AND APPLICATION

1. Objectives

2. Application

3. Exemption of Application

PART II: ESTABLISHMENT OF THE NIGERIA DATA PROTECTION COMMISSION, AND ITS GOVERNING COUNCIL

4. Establishment of the Nigeria Data Protection

5. Functions of the Commission

6. Powers of the of the Commission

7. Independence of the Commission

8. Establishment of the Governing Council of the Commission

9. Appointment of members of the Council

10. Tenure of members of the Council

11. Cessation of membership

12. Functions and powers of the Council

13. Conflict of interest

PART III: APPOINTMENT OF THE NATIONAL COMMISSIONER, AND OTHER STAFF OF THE COMMISSION

14. Appointment of the National Commissioner for the of the Commission

15. Secretary to the Council

16. Staff of the Commission

17. Staff regulations and discipline

18. Pension

PART IV: FINANCIAL PROVISIONS

19. Funds of the Commission

20. Expenditure of the Fund

21. Power to borrow and accept gifts

22. Account and audit

23. Annual reports and estimates

PART V: PRINCIPLES AND LAWFUL BASIS GOVERNING PROCESSING OF PERSONAL DATA

24. Principles of personal data processing

25.Lawful basis of personal data processing

26. Consent

27. Provision of information to the data subject

28. Data privacy impact assessment

29. Obligations of the data controller and data processor

30. Sensitive personal data

31. Children or persons lacking the legal capacity to consent

32.Data Protection Officers

33. Data protection compliance services

PART VI: RIGHTS OF A DATA SUBJECT

34. Right of a data subject

35. Withdrawal of Consent

36. Right to object

37. Automated decision making

38. Data portability

PART VII: DATA SECURITY

39. Security, integrity and confidentiality

40. Personal data breaches

PART VIII: CROSS-BORDER TRANSFERS OF PERSONAL DATA

41. Basis for cross-border transfer of personal data

42. Adequacy of protection

43. Other bases for transfer of personal data outside Nigeria

PART IX: REGISTRATION AND FEES

44. Registration of data controllers and processors of major importance

45. Fees and levies

PART X: ENFORCEMENT

46. Complaints

47. Compliance orders

48. Enforcement orders

49. Offences and penalties

50. Judicial review

51. Civil remedies

52. Forfeiture

53. Joint and vicarious liability

PART XI: LEGAL PROCEEDINGS

54. Limitation of suits against the Commission

55. Service of documents

56. Restriction on execution against property of the Commission

57. Indemnity of staff, members, and employees of the Commission

58. Power of arrest, search and seizure

59. Right to appear in court

PART XII: MISCELLANEOUS PROVISIONS

60. Directives by the Minister

61. Regulations

62. Directives, codes, and guidelines

63. Priority of the Act

64. Transitional provisions

65. Interpretation

66. Citation

Get Ahead of the Curve.

Receive awesome, cutting-edge insights directly in your inbox.

We don’t spam! Read our privacy policy for more info.