Data Protection and Cybersecurity in Nigeria: What You Need to Know

Table of Contents

In the modern age, it is important to understand why data protection and cybersecurity in Nigeria matter to the digital economy. In an increasingly digitised global economy, cybersecurity has become a core pillar of national development, governance, and individual privacy. Cybersecurity refers to the body of technologies and processes that protect networks, computers, and data from attack or unauthorised access.

The World Economic Forum’s 2023 Global Risks Report ranked cybercrime as one of the top 10 risks facing the world today. A computer crime is any criminal activity that uses a computer system or computer network as an instrument or target of crime. Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and networks. Nigeria’s legal framework for cybersecurity is governed by the Cybercrimes (Prohibition, Prevention, etc.) Act 2015. This statute is supplemented by the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act 2023. These laws ensure the integrity, confidentiality, and availability of digital information within the country’s digital economy.


Data Protection and Cybersecurity in Nigeria

The Cybercrime Act 2015: Foundation of Cybersecurity Regulation

The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 represents Nigeria’s first comprehensive legislative framework addressing cyber offences and security. In particular, the Act criminalises a wide range of digital offences, including hacking, identity theft, cyberstalking, cybersquatting, and system interference. Section 1(c) of the Cybercrimes Act provides thus:

“…the objectives of this act are to…promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.”

Its key objectives, therefore, include providing a unified framework for prosecuting cybercrimes and protecting critical national information infrastructure. Thus, it not only criminalises malicious cyber activities but also establishes compliance obligations, institutional frameworks, and national standards for cyber protection. As Nigeria’s digital economy grows, the Act safeguards digital trust, data integrity, and national security through robust cybersecurity regulation. In the context of data protection, Section 37 of the Act obligates financial institutions to ensure the protection of customers’ information. This provision creates a legal basis for safeguarding personal and financial data processed within Nigeria’s digital economy. 

The Cybercrime Advisory Council, established under Section 41, is responsible for formulating and coordinating cybersecurity policies. The National Computer Emergency Response Team (CERT) is to manage and respond to cybersecurity incidents.

Data Protection Under Nigerian Law

The concept of data protection complements cybersecurity by ensuring that personal information is processed lawfully, fairly, and transparently. Before the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulation 2019 was the main framework governing personal data protection. The NDPR sought to regulate how data controllers collect, store, and use personal information, particularly within the digital economy.

Upon establishment, the NDPA 2023, reinforces data subject rights and establishes the Nigeria Data Protection Commission (NDPC) as the primary regulatory body. Section 24 NPDA requires data controllers to adopt technical and organisational safeguards protecting personal data from unauthorised access, loss, or damage. This mirrors cybersecurity duties outlined under the Cybercrimes Act 2015, reinforcing national standards for data protection and digital security. The NDPA mandates that data controllers must notify the NDPC of a data breach within 72 hours of becoming aware of it. 

INTERSECTION OF CYBERSECURITY AND DATA PROTECTION IN THE DIGITAL ECONOMY

The digital economy refers to an economy that is based on digital computing technologies. It involves the utilisation of information and communication technologies (ICT) across all business sectors to enhance their productivity. Nigeria’s digital economy thrives on data-driven innovation ranging from fintech startups to e-governance and mobile communications. This growth has exposed users to cyber threats such as phishing, ransomware, and identity theft. The Cybercrimes Act and data protection legislation are interdependent in ensuring a secure and trustworthy digital ecosystem. 

According to data from the Central Bank of Nigeria (CBN), reported incidents of financial fraud increased by approximately 26 percent in 2024, reflecting the rising threat to banks, fintech institutions, and consumers. In a related report, the Nigeria Inter-Bank Settlement System (NIBSS) recorded over 740,000 attempted cases of digital fraud across financial platforms in 2023, with verified financial losses exceeding $27 million.

In essence, while cybersecurity focuses on protecting systems and networks from attacks, data protection ensures the lawful handling of personal information. Section 38 CCA mandates service providers to retain traffic data and cooperate with law enforcement agencies when required by law. However, this provision must be balanced against privacy safeguards under the NDPA 2023 to prevent abuse. This balance shows the ongoing tension between national security and individual privacy, a recurring issue in global cybersecurity discourse. 

Read About the New Tax Reform Act in NIgeria

DATA PROTECTION AND CYBERSECURITY IN NIGERIA: CHALLENGES AND WAY FORWARD

The Cybercrimes Act and National Data Protection Act are often enforced simultaneously. Despite the legal framework, Nigeria continues to face key challenges in the implementation of cybersecurity and data protection measures. Specifically, these include limited public awareness, inadequate institutional coordination, and low cybersecurity literacy among small and medium enterprises. The multiplicity of agencies, such as EFCC, NITDA, NDPC, and the CBN, often leads to overlapping functions and fragmented enforcement. 

To strengthen Nigeria’s digital resilience, there is an urgent need for:

  • Enhanced inter-agency collaboration and capacity building
  • Broader public education on data privacy rights
  • Judicial training on digital evidence handling
  • Investment in indigenous cybersecurity infrastructure.

FINAL THOUGHTS ON DATA PROTECTION AND CYBERSECURITY IN NIGERIA

Ultimately, cybersecurity and data protection are indispensable to sustaining trust in Nigeria’s digital economy. The Cybercrimes Act 2015 and the NDPA 2023, together, aim to safeguard Nigeria’s cyberspace from abuse while upholding individual privacy rights. Nevertheless, the effectiveness of these laws depends not just on their existence but on their consistent enforcement and public compliance.

Looking ahead, as Nigeria advances toward a data-driven future, a coordinated strategy for cybersecurity and data protection remains vital. Establishing a comprehensive legal, institutional, and technological safeguard protects citizens’ data, fosters trust, and drives sustainable digital economic growth.


Ojienoh Segun Justice

OJIENOH SEGUN JUSTICE Esq.,

Lead Partner EKO SOLICITORS AND ADVOCATES

Obasa Mofeintoluwa
OBASA MOFEINTOLUWA Esq.,

Counsel EKO SOLICITORS AND ADVOCATES

OLUDAPO DAVID AYANFEOLUWA
OLUDAPO DAVID AYANFEOLUWA

Intern EKO SOLICITORS AND ADVOCATES

Want to keep up with our blog?

Our most valuable tips right inside your inbox, once per month.

Related Posts

CLAIMING MAINTENANCE AFTER DIVORCE IN NIGERIA: THE IMPORTANT THINGS YOU NEED TO KNOW

Divorce, Family Law, Matrimonial Causes

Can Foreigners Own Land in Nigeria: Important Facts You Need to Know

Land Law, Property
Jojobet GirişCasibom GirişJojobet GirişHoliganbetGamdomJojobetJojobetJojobet GirişJojobet GirişCasibom
error: