The NDPA imposes an active obligation on organisations to have a privacy program in respect of the personal information they process for their business activities.

Since the coming into effect of the NDPA, businesses engaged in processing of personal information in Nigeria must ensure that there is a legitimate purpose for the information they…

While the law recognises the freedom of individuals to give consent, organisations have the duty to ensure that consents is not arbitrarily used as a basis for information processing.

While the law recognises the freedom of individuals to give consent, organisations have the duty to ensure that consents is not arbitrarily used as a basis for information processing.

Business entities must ensure that information they collect and keep of data subjects are accurate.

Businesses must ensure that personal information of their clients and customers are protected at all times in a manner that guarantees the confidentiality, integrity…

Data breaches are sometimes inevitable in the course of processing activities by an organisation that processes personal information.

Every business organisation engaged in data processing activities must have a process in place that enables data subjects to exercise their privacy rights.

This obligation is in respect of proposed projects of business organisation that feature large personal information processing component.

This obligation is reserved for businesses designated as Data Controller of Major Importance (DCMI) in Nigeria.

Every organisation is required on a yearly basis to carry out an audit of its privacy program as a means of ensuring compliance with the requirements of the law.