The right to the protection of one’s privacy, especially from intrusions by any individual or state, is enshrined under Section 37 of the Constitution of the Federal Republic of Nigeria,1999 (as amended) and Article 12 of the United Nations (UN) Universal Declaration of Human Rights (UDHR) of 1948. In effect, privacy is a fundamental right, protecting an individual against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Hence, the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is guaranteed and protected. Accordingly, conscious of the concerns around privacy and protection of personal data and the grave consequences of leaving personal data processing unregulated, the Nigeria Government just like its counterpart in the UK, in 2001 established the National Information Technology Development Agency (The Agency) who then promulgated the National Information Technology Development Agency Act (NITDA ACT) in 2007, to create a framework for the planning, research, development, standardization, application, co-ordination, etc. of information technology practices, activities and systems in Nigeria.1 Consequently, in 2019 the Nigeria Data Protection Regulation (NDPR) was enacted.
The NDPR was issued by the NITDA on the 25th of January, 2019 pursuant to Section 32 of the NITDA Act, 2007 as a subsidiary legislation to the NITDA Act, 2007. Thus, apart from other legislations like the Constitution of the Federal Republic of Nigeria, 2011 (as amended)2, the Freedom of Information Act,3the Child Rights Act, 2003,4the Nigeria Communications
Commission Act, 2003, the National Identity Management Commission Act, 2007,5 among others6 on data protection, Nigeria’s principal data protection legislation is the Nigeria Data Protection