Members of the Udo Udoma & Belo-Osagie (UUBO) have pushed for stakeholders’ collaboration in implementing the Nigerian Data Protection (NDP) Act.
They spoke at a data privacy breakfast held in Lagos with the theme, “The GAID in practice: Navigating Nigeria’s New Privacy Directives.”

The Managing Partner at UUBO, Jumoke Lambo, in her welcome remarks, said the event was organised to provide an opportunity for regulators, policymakers, in-house counsel, data protection officers, and industry leaders.

The aim, she said, was for these various stakeholders to exchange insights on the implementation of the Nigerian Data Protection (NDP) Act’s General Application and Implementation Directives (GAID).

Noting that the NDP landscape has continued to evolve, she said the regulator, the Nigeria Data Protection Commission (NDPC), has continued to set the pace as one of the most active data protection authorities across the continent.

In his presentation, National Commissioner/Chief Executive Officer, NDPC, Vincent Olatunji, described the GAID as an operational blueprint for the NDP Act, 2023, which was issued by the Commission on March 20, 2025.

With the aim of providing clarity and practical guidance on the implementation of the NDP Act, he said the Act takes effect from September 19, 2025, replacing the NDP Rules 2019 as the nation’s principal regulatory guide.

Specifically, Olatunji spoke on Principles of Data Protection; NDP Act Compliance Audit Returns; Data Protection Officer’s Assessment; Data Privacy Impact Assessment; Guidance on Cross-Border Data Transfer and Data Subject Vulnerability Indexes.

Others include legitimate Interest Impact Assessment Template, the Data Subject’s Standard Notice to Address Grievances and the NDP Act Compliance Audit Returns Filing Fee.

He added that complying with the NDP Act GAID is not just a regulatory requirement, but a strategic enabler for trust, innovation, and sustainable growth.

Concerning Data Protection Officers (DPO), he said their contact must be publicly available and communicated to the Commission, adding that yearly credential assessment of DPOs will be conducted to ensure they maintain the requisite level of professionalism to carry out their responsibilities.

In addition, the DPO is required to submit a semi-yearly report to management on the data protection status within the organisation; have unrestricted access to personal data and processing activities to effectively fulfil their role. He stated that the DPOs must operate independently, free from undue influence to ensure objectivity, and maintain confidentiality regarding their work.

Olatunji said: “The successful implementation of the NDP Act depends on cooperation among all stakeholders (data subjects, government, businesses, Civil Society Organisations and the media.”

“Through this collective effort, we can transform compliance into opportunity, strengthen governance, improve services, and enhance Nigeria’s global competitiveness.”