From principles to practice: Operationalizing Nigeria's Data Protection Act through the GAID

In March 2025, Nigeria's Data Protection Commission published the General Application and Implementation Directive of the Nigeria Data Protection Act 2023, which took effect 19 Sept. 2025.  

As the directive expressly replaced the Nigeria Data Protection Regulation 2019, organizations are working to understand how to transition from the NDPR era into the NDPA-GAID compliance framework. It marks a significant milestone as the first official implementation guideline under the NDPA and is designed not just as a legal document but as a practical roadmap for organizations looking to embed data protection into their day-to-day operations. 

The GAID offers clear, practical guidance on the obligations and compliance expectations set out in the primary legislation. 

Scope analysis: Examining applicability, reach of the GAID

The GAID begins by situating itself firmly within the scope of the NDPA. Article 1 underscores that all processes and transactions relating to the personal data of data subjects in Nigeria must take into account both the material and territorial scope of the NDPA, in line with constitutional obligations.

Importantly, the GAID directly ties the material scope to the Constitution of the Federal Republic of Nigeria, 1999, as amended, emphasizing that privacy is not merely a statutory right but a constitutionally protected interest. 

The GAID offers explanations to Section 2(c) of the NDPA, which states the act applies to processing of personal data even where the data controller or processor is not domiciled in Nigeria, but processes the personal data of data subjects in Nigeria. In line with the principle of universality on civil liberties which guarantees that a natural person's fundamental rights are protected anywhere in the world, Article 1(3-4) of the GAID clarifies the residency rules governing the territorial scope of data subject rights under the NDPA, "regardless of nationality and migration status."