Reforming Data Governance in Nigeria: A Critical Analysis of the Nigeria Data Protection Act, Regulatory Enforcement, and Global Alignment

This article critically examines Nigeria's evolving data protection landscape, focusing on the transition from the Nigeria Data Protection Regulation (NDPR) of 2019 to the more comprehensive Nigeria Data Protection Act (NDPA) of 2023. The research analyzes how this legislative progression addresses previously identified regulatory gaps and aligns with global data governance standards, particularly the EU's General Data Protection Regulation (GDPR). Through comparative analysis of institutional frameworks, enforcement mechanisms, and compliance requirements, the study evaluates the NDPA's strengths and limitations in protecting individual privacy rights while fostering digital innovation. Key findings reveal that while the NDPA significantly strengthens Nigeria's data protection regime through the establishment of the independent Nigeria Data Protection Commission (NDPC), expanded data subject rights, and formalized cross-border data transfer protocols, substantial challenges remain in regulatory independence, judicial efficiency, and emerging technology governance. The article concludes by proposing forward-looking policy recommendations to enhance Nigeria's digital privacy framework, particularly in addressing AI governance, cybersecurity integration, and global data flow adequacy requirements to position Nigeria as a regional leader in data governance.