A blog post by Favour Agunu, Junior Associate.
Data Protection remains a relatively undeveloped field in Nigeria. Although various efforts have been undertaken by the legislature to pass a comprehensive data protection act, all that exists currently are several sector specific laws addressing the use of data and a data protection regulation. The Nigerian Data Protection Regulation (NDPR) was enacted in 2019 by the National Information Technology Development Agency (NITDA) and albeit merely a subsidiary legislation, it is currently the most comprehensive data legislation in Nigeria. Although the regulation contains some commendable provisions regarding the obligations of data controllers and the penalties for beach, its status as a regulation makes it inferior to any Act of the parliament. This has the effect of watering down the potency and applicability of the regulation. 
Data protection is necessarily intertwined with trade especially in the digital age and as such, Nigeria’s data protection status puts the country in a precarious position. As a developing country seeking to grow its exports, its ability to improve internet access and cross-border data flows is of particular importance in overcoming a wide range of local barriers to international trade. Further, data privacy has been considered as an important ingredient in fostering consumer trust in electronic commerce and online transactions. Inefficient data safeguards could result in losses for both businesses and consumers through identity thefts and unauthorized data exploitation. Therefore, Nigeria needs to adopt data protection standards that provide consumer confidence without unduly restricting businesses.
It is recommended that the Nigerian parliament enact an Act that replicates the core set of principles laid down by global and regional data protection initiatives. Further, there is a strong need for a single central regulator that would oversee compliance. Adopting these recommendations will no doubt give Nigeria a competitive front in its international trade efforts.
 Khadijah El-Usman, A push toward data protection legislation in Nigeria, Paradigm Initiative (Sep. 29, 2020), https://paradigmhq.org/a-push-toward-data-protection-legislation-in-nigeria/
 Olumide Babalola, Nigeria’s data protection legal and institutional model: an overview, 2021 Int’l Data Priv. Law 2, https://academic.oup.com/idpl/advance-article/doi/10.1093/idpl/ipab023/6403926,
 El-Usman, supra note 1.
 Emmanuel Salami, The Nigerian Data Protection Regulation 2019: Overview, Effects and Limits, datenschutz notizen (April 2 2019), https://www.datenschutz-notizen.de/the-nigerian-data-protection-regulation-2019-overview-effects-and-limits-3522349/
 Joshua Meltzer, The Internet, Cross-Border Data Flows and international Trade, 22 Issues in Tech. Innovation 1, 12 (2013) https://www.brookings.edu/wp-content/uploads/2016/06/internet-data-and-trade-meltzer.pdf.
 Svetlana Yakovleva & Kristina Irion, Pitching trade against privacy: reconciling EU governance of personal data flows with external trade, 10 (3) Int’l Data Priv. Law 201, 207 (2020), https://academic.oup.com/idpl/article/10/3/201/5813832
 U.N Conference on Trade and Development, Data protection regulations and international data flows: Implications for trade and development, xi, UNCTAD/WEB/DTL/STICT/2016/1/iPub (Apr.2016)
 Id, xii