TheArtOfService
Back to Frameworks

Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)

Self-Assess
Nigeria
30 domains
33 controls

Nigeria Data Protection Regulation (NDPR) 2019, which provides initial data protection rules, and the Nigeria Data Protection Act (NDPA) 2023, which supersedes the NDPR and introduces expanded obligations, breach notification, and higher penalties.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (30)

Accountability

1 controls
Controls in the Accountability domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S33-ACCOUNTABILITYAccountability and Records (Section 33)

Audit

1 controls
Controls in the Audit domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPR-ART4-AUDITAnnual Compliance Audit Return (Article 4.1.7)

Automated Processing

1 controls
Controls in the Automated Processing domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S37-ADMAutomated Decision-Making (Section 37)

Children Data

1 controls
Controls in the Children Data domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S31-CHILDRENChildren and Persons Lacking Capacity (Section 31)

Complaints

1 controls
Controls in the Complaints domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S46-COMPLAINTSComplaints to the Commission (Section 46)

Consent

1 controls
Controls in the Consent domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S26-CONSENTConditions for Valid Consent (Section 26)

DPCO

1 controls
Controls in the DPCO domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-DPCOData Protection Compliance Organisation Engagement

Data Subject Rights

3 controls
Controls in the Data Subject Rights domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)3 controls
CodeTitle
NDPA-S34-RIGHTSData Subject Rights (Section 34-37)
NDPA-S35-ERASURERight to Erasure (Section 35)
NDPA-S38-PORTABILITYData Portability (Section 38)

Disclosure

1 controls
Controls in the Disclosure domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPR-ART2-3RDPARTYThird-Party Data Sharing Notice (Article 2.11)

Enforcement

1 controls
Controls in the Enforcement domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S48-PENALTYEnforcement and Penalties (Section 48)

Governance

1 controls
Controls in the Governance domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S32-DPOData Protection Officer Appointment (Section 32)

HR Data

1 controls
Controls in the HR Data domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S43-EMPLOYMENTEmployment Data Processing (Section 43)

Implementing Rules

1 controls
Controls in the Implementing Rules domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-GAID-2025General Application and Implementation Directive (GAID) 2025

Incident Response

1 controls
Controls in the Incident Response domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S40-BREACHPersonal Data Breach Notification (Section 40)

International Transfers

2 controls
Controls in the International Transfers domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)2 controls
CodeTitle
NDPA-S41-TRANSFERCross-Border Transfers Adequacy (Section 41)
NDPA-S42-SAFEGUARDSTransfer Safeguards and Derogations (Section 42)

Lawful Basis

1 controls
Controls in the Lawful Basis domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S24-LAWFULLawful Basis for Processing (Section 25)

Marketing

1 controls
Controls in the Marketing domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S38-OBJECT-MARKETINGRight to Object to Direct Marketing (Section 36)

Principles

1 controls
Controls in the Principles domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S24-PRINCIPLESData Protection Principles (Section 24)

Privacy by Design

1 controls
Controls in the Privacy by Design domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-DPBPPrivacy by Design and Default (Section 39(3))

Public Sector

1 controls
Controls in the Public Sector domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPR-ART2-LAWFUL-PIPublic Institutions Use of Personal Data (Guideline 2020)

Registration

1 controls
Controls in the Registration domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S44-REGRegistration of Data Controllers/Processors of Major Importance (Section 44)

Regulator

1 controls
Controls in the Regulator domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S5-NDPCEstablishment and Functions of NDPC (Section 5)

Regulator Powers

1 controls
Controls in the Regulator Powers domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S45-INSPECTInvestigations and Inspections (Section 45)

Retention

1 controls
Controls in the Retention domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S24-RETENTIONRetention and Erasure (Section 24(1)(e))

Risk Assessment

1 controls
Controls in the Risk Assessment domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S28-DPIAData Protection Impact Assessment (Section 28)

Security

1 controls
Controls in the Security domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S39-SECURITYSecurity of Processing (Section 39)

Special Categories

1 controls
Controls in the Special Categories domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S30-SENSITIVESensitive Personal Data Processing (Section 30)

Third Parties

1 controls
Controls in the Third Parties domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S29-PROCESSORController-Processor Contracts (Section 29)

Training

1 controls
Controls in the Training domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPR-ART3-AWARENESSPrivacy Awareness and Training (Article 3.1.4)

Transparency

1 controls
Controls in the Transparency domain of Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)1 controls
CodeTitle
NDPA-S27-PRIVACY-NOTICEInformation to Data Subjects (Section 27)

Frequently Asked Questions

What is Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)?

Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) is a compliance framework from Nigeria with 30 domains and 33 controls. Nigeria Data Protection Regulation (NDPR) 2019, which provides initial data protection rules, and the Nigeria Data Protection Act (NDPA) 2023, which supersedes the NDPR and introduces expanded obligations, breach notification, and higher penalties. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) have?

Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) has 33 controls organised across 30 domains. The largest domains are Data Subject Rights (3 controls), International Transfers (2 controls), Accountability (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) map to?

Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.

How do I get started with Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) compliance?

Start your Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 33 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 768 frameworks.

Get Started Free →

Free forever — no credit card required