The Nigeria Data Protection Commission has extended the registration deadline for organizations that are required by law to register as data controllers and data processors of major importance. The new registration deadline is September 30, 2024. Section 44 of the Nigeria Data Protection Act, 2023 mandates designated entities to register with the NDPC. The recent extension provides additional time for eligible organizations to comply with the registration requirements and to ensure that all necessary data protection measures are properly implemented.
The NDP Act defines a “data controller or data processor of major importance” as:
a data controller or data processor that is domiciled, reident in, or operating in Nigeria and processes or intends to process personal data of more than such number of data subjects who are within Nigeria, as the Commission may prescribe, or such other class of data controller or data processor that is processing personal data of particular value or significance to the economy, society or security of Nigeria as the Commission may designate.
On February 14, 2024, the NDPC, pursuant to its powers under the NDP Act, issued the Guidance Notice on Registration of Data Controllers and Data Processors of Major Importance, which provides clarification on the criteria for the determination of organizations that qualify as data controllers and data processors of major importance and on the registration requirements for qualifying organisations. The registration exercise was initially scheduled to end on June 30, 2024.
According to the NDPC’s Guidance Notice, designated entities are organizations that falls within the definition of “data controller or data processor of major importance” as provided in the NDP Act and reproduced above, especially those that process the personal data of more than 200 data subjects in six months. Organizations operating in the following sectors are mostly designated entities:
--
Read the original publication at Banwo & Ighodalo