Another highlight of the Nigeria Data Protection Act (NDPA or the Act) is the establishment of a principal statutory authority known as the Nigeria Data Protection Commission (NDPC or the Commission). Recall that its predecessor, the Nigeria Data Protection Bureau (NDPB) was carved out from the National Information Technology Development Agency (NITDA) in 2022 as a regulatory body with no enabling act. The Commission has now replaced the NDPB as the apex regulator of data protection-related matters in Nigeria. In the ensuing paragraphs, we have examined the transition of the Commission from the NDPB, its structure, powers, functions, and the importance of this to businesses.

7 August 23

From the Nigeria Data Protection Bureau to the Nigeria Data Protection Commission
As noted above, before the enactment of the Act, data protection regulation was mainly carried out by the NITDA. However, on January 13, 2022, the Honourable Minister of Communications and Digital Economy was reported to have advised the president of Nigeria of “an urgent need to establish an institution that will focus on data protection and privacy for the country”. This ultimately led to the creation of the NDPB which began operations on 4 February 2022, as an offshoot of NITDA.

The NDPA upon enactment transformed the NDPB to the Commission, the Act transfers and vests all the rights, powers, remedies, documentation, and personnel of the NDPB to the NDPC. Additionally, the Act provides that all orders, rules, and regulations that were made or issued by NITDA or the NDPB shall continue in effect as if they were made or issued by the Commission until they expire, are repealed, or replaced.

Click here to download and read the full alert.

Should you have any questions regarding this legal alert do not hesitate to contact Sumbo Akintola.


Uchechi Ofoegbu – Associate