The global attention on data protection and privacy laws has been heightened once again following the recent €91 million fine levied against Meta by the European Union (EU) privacy regulator. This penalty was imposed for improper storage of passwords, a violation of EU data protection regulations. This development serves as a crucial reminder not only for international corporations but also for businesses and legal practitioners in Nigeria to revisit and reinforce their data protection compliance frameworks. Understanding the Context: Meta’s Fine and the Global Shift Towards Data Privacy

‍

Meta’s €91 million fine was imposed under the General Data Protection Regulation (GDPR), the EU’s primary legislation governing data protection. The GDPR mandates stringent rules on how personal data must be collected, processed, and stored. Meta’s infringement involved mishandling of sensitive data, raising questions about how businesses worldwide manage user information.

The incident is particularly relevant to Nigeria as the nation continues to adapt its legal framework to align with global standards. The increased enforcement actions by EU regulators have sparked conversations about the adequacy of local regulations like Nigeria Data Protection Regulation (NDPR) and the Data Protection Act, 2023.

‍

The Nigeria Data Protection Act 2023: Nigeria’s Comprehensive Legal

Framework

With the passage of the Nigeria Data Protection Act 2023 (NDPA), Nigeria has solidified its commitment to safeguarding personal data and ensuring accountability among organizations. The NDPA replaces the Nigeria Data Protection Regulation (NDPR) 2019 and introduces a more robust and comprehensive legal structure. It establishes the Nigeria Data Protection Commission (NDPC) as the regulatory body overseeing data protection compliance in the country, bringing the law closer to international standards like the GDPR.

With the enactment of the Nigeria Data Protection Act 2023, businesses must not only ensure compliance with the new law but also proactively build a culture of data protection within their organizations. Legal practitioners have a pivotal role to play in guiding businesses through this transition by providing expertise in regulatory compliance, risk assessment, and strategic planning.