Last week the Nigerian Data Protection Bureau (NDPB) released a draft of a new Data Protection Bill, one which featured many tenets seen in the EU's GDPR. These include mandates for appointing a data protection officer, breach notification, impact assessments, and restrictions on some cross-border data transfer, among other things.
The bill predominantly covers four core issues:
- The processing of personal data
- Protecting the rights of data subjects and how to do so
- The creation of a Data Protection Commission to independently oversee related matters in both the public and private sectors
- Positioning the Nigeria economy to better participate in the global marketplace
Nigeria is one of over 30 African countries to have some data protection-related law on the books, but most of the continent's countries lack a comprehensive law akin to the GDPR.
Nigeria has tried multiple times in the past several years to pass such a law, and currently have the Nigeria Data Protection Regulation (NDPR) in effect, a law which has not yet proven expansive or effective enough to settle the matter of the collection and processing of personal data within the country.
The NDPB has stated it would like the bill to pass by the end of the year. Even if it does not, with repeated attempts to introduce and pass legislation, it seems only a matter of time until Nigeria, Africa's most populous country and largest GDP, has a comprehensive data protection regulation.