Compliance Audit Report Filing Regime under the General Application and Implementation Directives: Assessing Regulatory Gap

In an era where technological advancement fuels innovation and drives competition, regulatory clarity has become critical to regulate exchange and protection of personal data, and ultimately human privacy and dignity. Recognizing this reality, the Nigeria Data Protection Commission (the “Commission”), on March 20, 2025, issued the General Application and Implementation Directive (the “GAID” or “Directive”) pursuant to its powers under the Nigeria Data Protection Act 2023 (the “Act”).

The issuance of the GAID represents the Commission’s commitment to further solidify data protection framework in Nigeria whilst ensuring that every individual and organization subject to the Act understands and implement the provisions of the Act accordingly, thereby upholding the foundational right to privacy as enshrined in section 37 of the 1999 Constitution of the Federal Republic of Nigeria (as amended) (the “Constitution”).

The GAID, with a view to ensuring clarity and effectiveness in data protection legal framework, re-emphasizes the clear priority of the Act over conflicting laws as provided in section 63 of the Act . It further directs that where its provisions conflict with the provisions of the Act, the Act takes precedence.