NDPA 2023, translated for product teams.
Skip the legalese. Seven chapters, real examples, and the citations your DPO will recognise.
Seven chapters every Nigerian privacy program needs.
Who the NDPA 2023 applies to, what counts as personal data, and the controller/processor split — in plain English.
The seven principles every Nigerian data controller must satisfy, with worked examples from fintech and health.
When you can rely on consent vs legitimate interest, contract, vital interest, public interest, or legal obligation.
Access, rectification, erasure, portability, objection — and the 30-day clock you must answer them on.
When the 72-hour clock starts, what to file with the NDPC, and what to tell affected subjects.
Adequacy decisions, SCCs, and the supplementary measures you need for non-adequate jurisdictions.
When a DPIA is mandatory, when prior consultation is needed, and how to evidence the rest of §44.
How teams ship from this PDF.
- 01Share with engineering — they need it more than you think.
- 02Map your processing activities against chapters 03 and 07 first.
- 03Run the chapter 04 checklist against your DSR portal today.
- 04Schedule a quarterly re-read; the NDPC’s guidance evolves quickly.