Section 47, NDPA
Compliance orders
(1) Where the Commission is satisfied that a data controller or data processor has violated Compliance on or is likely to violate any requirement under this Act or subsidiary legislation made under this Act, the Commission may make an appropriate compliance order against
that data controller or data processor.
(2) The order made by the Commission under subsection (1) may include a —
(a) warning that certain act or omission is likely to be a violation of one or more provisions under this Act or any subsidiary legislation or orders issued under it;
(b) requirement that the data controller or data processor complies with such provisions, including complying with the requests of a data subject to exercise one or more rights under this Act; or
(c) cease and desist order requiring the data controller or data processor to stop or refrain from doing an act, which is in violation of this Act, including stopping or refraining from processing personal data that is the subject of the order.
(3) An order made under this section shall be in writing and shall specify —
(a) the provisions of this Act that the Commission is satisfied the data controller or data processor has violated;
(b) specific measures to be taken by the data controller or data processor to avoid, remedy, or eliminate the situation which has resulted in the violation;
(c) a period within which to implement such measures; and
(d) a right to judicial review under section 50 of this Act.
This is Section 47 of the Nigeria Data Protection Act 2023. To explore the rest of the legislation, please use the links below: