Print this chapterPrint this chapter

week 8

8.7 NDPR Compliance for Nigerian Database Systems

The Nigeria Data Protection Regulation (NDPR) 2019, issued by NITDA, places significant obligations on organisations that collect and process personal data of Nigerians. Key database-relevant requirements:

 

NDPR Requirement

Database Implementation

Lawful basis for processing

Document why each personal data field is collected

Data minimisation

Only store data you actually need — no speculative collection

Storage limitation

Delete personal data when no longer needed (implement data retention policies)

Integrity and confidentiality

Encrypt sensitive fields; implement access controls

Data subject rights (access, erasure)

Implement mechanisms for users to request their data or deletion

Data breach notification

Implement audit logs to detect and report breaches within 72 hours