In a recent development, data privacy experts have criticized Nigerian government agencies for failing to comply with the Nigeria Data Protection Act (NDPA) 2025 despite explicit directives from President Bola Tinubu. This lapse in adhering to the NDPA underscores significant challenges in implementing and enforcing robust data protection measures within governmental institutions.
President’s Call for Compliance
In July 2025, President Tinubu issued a directive that all Ministries, Extra-Ministerial Departments, and Agencies (MDAs) must strictly adhere to the NDPA. The president emphasized the importance of data as “the new oil,” whose value lies in being refined and responsibly shared.
“Data is like crude oil; it’s not valuable until you refine it,” President Tinubu stated at a press conference. “We need to rigorously capture information while ensuring its security.”
- Compliance Mandate: The NDPA requires government websites and mobile applications to publish clear privacy policies, disclose cookie usage, and provide data subjects with the option to accept or decline cookies.
- Transparency Obligation: Article 7 of the General Accountability in Data (GAID) Act stipulates that data controllers must make organizational privacy policies available on their platforms to educate users about data processing activities and associated rights and duties.
Tinubu’s directive aimed to create an environment where government agencies lead by example, fostering a culture of transparency and accountability in data handling.
Current State of Compliance
The lack of visible privacy policies on many government websites raises concerns among legal experts. Digital Rights Lawyer Solomon Okedara pointed out that the absence of these documents signifies a direct contravention of existing laws.
“Government institutions are some of the largest data controllers in Nigeria, and their non-compliance sends a worrying signal,” said Okedara. “It’s imperative for them to publish clear policies demonstrating their commitment to protecting user data.”
The failure to implement these measures not only undermines trust but also jeopardizes users’ rights to privacy as outlined by the NDPA.
Expert Opinions on Compliance
Barrister Olalekan Bosede, a legal expert specializing in data protection, highlighted the necessity for government agencies to display their privacy policies and cookie notices prominently. He emphasized that these measures are crucial for demonstrating compliance with the law.
“Government websites must publish clear privacy policies and disclose how cookies are used in line with Section 24 of the NDPA,” said Bosede. “It’s a legal obligation.”
The GAID further mandates that data controllers provide privacy notices at their homepage, ensuring that users have an opportunity to accept or decline cookie usage.
- Display Requirements: Cookie notices should significantly obstruct one of the three sides (middle, left, right) of a website’s homepage to ensure visibility. Placing such notifications at the bottom of webpages is considered insufficient due to potential user oversight.
Bosede stressed that non-compliance with these display requirements constitutes a lack of transparency in data processing activities.
NDPC’s Role in Enforcement
The National Data Protection Commission (NDPC) plays a pivotal role in ensuring compliance with the NDPA. Experts recommend that the NDPC should not only compile lists of non-compliant agencies but also take proactive measures to enforce regulations.
“The NDPC must impress upon MDAs the necessity of complying so their processing activities can be transparent and aligned with the law,” advised Okedara. “This involves continuous monitoring, audits, and public reporting.”
The commission’s oversight is critical for fostering a culture where data protection is taken seriously across all levels of government.
Consequences of Non-Compliance
Failing to comply with the NDPA can lead to severe consequences for governmental institutions. According to Section 35(1) of the NDPA, non-compliant entities are subject to administrative penalties, including fines up to N50 million and possible criminal charges.
In addition to legal repercussions, non-compliance may harm public trust in government services and undermine efforts towards digital transformation.
Steps Towards Compliance
To address the current gaps in compliance, government agencies must prioritize the following steps:
- Publish Privacy Policies: Clearly define how personal data is collected, stored, used, and protected on their websites. Ensure these policies are easily accessible to users.
- Implement Cookie Notices: Display cookie notices prominently at the homepage of official websites, allowing users to accept or decline cookies with ease.
- Regular Audits: Conduct regular audits of data processing activities and update privacy policies as needed. This ensures ongoing compliance with evolving legal requirements.
Educating the Public on Data Privacy Rights
To foster a culture of transparency, government agencies should also focus on educating the public about their rights under the NDPA. By raising awareness, users can better understand how to protect their personal information online.
“Education is key,” stated Okedara. “Government institutions must take proactive steps to inform citizens about their data privacy rights and responsibilities.”
Public seminars, workshops, and digital campaigns are essential for disseminating this critical information effectively.
The Importance of Leading by Example
For the NDPA to be successful in Nigeria, it is crucial that government agencies lead by example. By demonstrating a commitment to data protection best practices, they can set standards that private sector entities will strive to emulate.
- Transparency: Be open about data collection and usage policies. This builds trust with the public and encourages others to follow suit.
- Accountability: Hold government officials accountable for any breaches in compliance. This sends a strong message that non-compliance will not be tolerated.
Role of Civil Society Organizations (CSOs)
Civil society organizations play an essential role in advocating for robust data protection measures and holding government agencies accountable. CSOs can collaborate with the NDPC to monitor compliance and report any violations.
“We need a collective effort from all stakeholders, including CSOs, to ensure that Nigeria’s data privacy landscape is both secure and transparent,” said Bosede.
Through public advocacy, legal action, and collaboration with regulatory bodies, CSOs can significantly contribute to the enforcement of the NDPA.
The compliance gap in governmental institutions represents a significant challenge for Nigeria’s data protection framework. While President Tinubu’s directives set a clear path forward, sustained efforts from all stakeholders are necessary to achieve full compliance with the NDPA. By prioritizing transparency and accountability, government agencies can not only protect user data but also build public trust.
For more information on dental health and related services, visit zsalyadental.hu.
Further Reading
- Data Privacy in Nigeria: A comprehensive guide to understanding the NDPA 2025. (Read More)
- The Role of CSOs in Data Protection: How civil society organizations can support compliance and enforcement. (Learn More)
Table: Key Provisions of the NDPA 2025
| Section | Description |
| Article 7(k) | Publish organizational privacy policies on platforms to educate data subjects. |
| Article 7(l) | Provide privacy and cookie notices at the homepage of websites. |
| Section 24 | Mandate transparency in data processing activities for government institutions. |
The road to full compliance with the NDPA requires a collective effort from all stakeholders. By working together, Nigeria can establish a robust and secure data protection framework that benefits both citizens and businesses alike.