Thomas Ali Gaga, Obuzor Kenneth Oragwu


The paper evaluates the laws which regulate and govern data protection in Nigeria and contrasts them with that of a selected African Nation (South Africa). It then makes recommendations for improvement of data protection practices in Nigeria as policy gaps are identified and analysed (referencing global best practices for guidance), thereby positively impacting the data protection regime of the Nation. The term Data Protection is used when referring to the process of safeguarding vital information from corruption or compromise, and from theft or loss. As the amount of data being created has continued to grow, the need for the protection of same has continued to increase. Consequently, a significant part of any data protection strategy has to be based on ensuring that data can be restored quickly after corruption or loss. Protecting data from compromise and ensuring data privacy are other key components of data protection; however, where there are no laws to enforce these in the event of breach, the essence of those rights is lost. In order to uphold the sanctity of these rights, many nations of the world have put in place regulations and other mechanisms to guarantee them. The Data protection regulation for Nigeria is here analysed and recommendations are given to strengthen the regulatory policy document.

Full Text:



The Economist: The World’s Most Valuable Resource Is No Longer Oil, But Data, (2017).

De Hert, P., Papakonstantinou, V.: The Proposed Data Protection Regulation Replacing Directive 95/46/EC: A Sound System for the Protection of Individuals. Computer Law & Security Review. 28, 130–142 (2012).

The Race to GDPR: A Study of Companies in the United States & Europe. Ponemon Institute (2018).

Bélanger, F., Crossler, R.E.: Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. MIS Quarterly. 35, 1017–1042 (2011).

Nicolaidou, I.L., Georgiades, C.: The GDPR: New Horizons. In: Synodinou, T.-E., Jougleux, P., Markou, C., and Prastitou, T. (eds.) EU Internet Law: Regulation and Enforcement. pp. 3–18. Springer International Publishing, Cham (2017).

Mitrou, L.: The General Data Protection Regulation: A Law for the Digital Age? In: Synodinou, T.-E., Jougleux, P., Markou, C., and Prastitou, T. (eds.) EU Internet Law: Regulation and Enforcement. pp. 19–57. Springer International Publishing, Cham (2017).

De Hert, P., Papakonstantinou, V.: The New General Data Protection Regulation: Still a Sound System for the Protection of Individuals? Computer Law & Security Review. 32, 179–194 (2016).

Kurtz, C., Semmann, M., Böhmann, T.: Privacy by Design to Comply with GDPR: A Review on Third-Party Data Processors. In: AMCIS 2018 Proceedings (2018).

Petkov, P., Helfert, M.: Identifying Emerging Challenges for ICT industry in Ireland: Multiple Case Study Analysis of Data Privacy Breaches. In: AMCIS 2017 Proceedings (2017).

Karyda, M., Mitrou, L.: Data Breach Notification: Issues and Challenges for Security Management. In: MCIS 2016 Proceedings (2016).

Engels, B.: Data Portability and Online Platforms The Effects on Competition. In: BLED 2016 Proceedings. pp. 19–22 (2016).

Alboaie, L.: Towards a Smart Society through Personal Assistants Employing Executable Choreographies. In: ISD 2017 Proceedings (2017).

Fox, G., Tonge, C., Lynn, T., Mooney, J.: Communicating Compliance: Developing a GDPR Privacy Label. In: AMCIS 2018 Proceedings (2018).

Russell, K.D., O’Raghallaigh, P., O’Reilly, P., Hayes, J.: Digital Privacy GDPR: A Proposed Digital Transformation Framework. In: AMCIS 2018 Proceedings (2018).

El Kharbili, M.: Business Process Regulatory Compliance Management Solution Frameworks: A Comparative Evaluation. In: APCCM 2012 Proceedings. pp. 23–32 (2012).

Cleven, A., Winter, R.: Regulatory Compliance in Information Systems Research - Literature Analysis and Research Agenda. In: Enterprise, Business Process and Information Systems Modeling. pp. 174–186. Springer-Verlag, Berlin, Heidelberg (2009).

Abdullah, N.S., Indulska, M., Shazia, S.: A Study of Compliance Management in Information Systems Research. In: ECIS 2009 Proceedings. pp. 1–10 (2009).

Hevner, A.R., March, S.T., Park, J., Ram, S.: Design Science in Information Systems Research. MIS Quarterly. 28, 75–105 (2004).

Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems. 24, 45–77 (2007).

Bensoussan, A., Avignon, C., Bensoussan-Brulé, V., Forster, F., Torres, C.: RèglementEuropéen sur la Protection des Données: Textes, Commentaires et Orientations Pratiques. Bruylant, Brussels (2018).

Debet, A., Massot, J., Métallinos, N.: Informatique et libertés: la protection des données à caractère personnel en droit français et européen. Lextenso, Issy-les-Moulineaux (2015).

Voigt, P., Von Dem Bussche, A.: The EU general data protection regulation (GDPR): A Practical Guide. Springer International Publishing, Cham (2017).

Guadamuz, A.: Developing a Right to be Forgotten. In: Synodinou, T.-E., Jougleux, P., Markou, C., and Prastitou, T. (eds.) EU Internet Law: Regulation and Enforcement. pp. 59–76. Springer International Publishing, Cham (2017).

European Data Protection Board: Guidelines On Consent Under Regulation 2016/679 (WP259, rev.01). EDPB (2018).

European Data Protection Board: Guidelines on Data Protection Officers (WP243 rev.01). EDPB (2017).

European Data Protection Board: Guidelines on Transparency under Regulation 2016/679 (WP260 rev.01). EDPB (2018).

Iannopollo, E., Balaouras, S., Harrison, P.: The Five Milestones to GDPR Success. Forrester Research (2017).

Merlivat, S., Iannopollo, E., Parrish, M., Khatibloo, F., Oesterreich, M., Liu, S., Turley, C.: Digital Advertising under GDPR Hinges on Data Management. Forrester Research (2017).

Peyret, H., Cullen, A., McKinnon, C., Blissent, J., Iannopollo, E., Kramer, A., Lynch, D.: Enhance your Data Governance to Meet New Privacy Mandates. Forrester Research (2017).

Iannopollo, E., Balaouras, S., Pikulik, E., Dostie, P.: The State of GDPR Readiness. Forrester Research (2018).

Deutsche Telekom: Binding Interpretations: General Data Protection Regulation (GDPR). Deutsche Telekom (2016).

Nickerson, R.C., Varshney, U., Muntermann, J.: A Method for Taxonomy Development and Its Application in Information Systems. European Journal of Information Systems. 22, 336–359 (2013).

Sadiq, S., Governatori, G., Namiri, K.: Modeling Control Objectives for Business Process Compliance. In: Alonso, G., Dadam, P., and Rosemann, M. (eds.) BPM 2007 Proceedings. pp. 149–164. Springer-Verlag, Berlin, Heidelberg (2007).

Zhang, M., Sarker, S., Sarker, S.: Drivers and Export Performance Impacts of IT Capability in ‘Born-Global’ Firms: a Cross-national Study. Information Systems Journal. 23, 419–443 (2013).

Grant, R.M.: The Resource-Based Theory of Competitive Advantage: Implications for Strategy Formulation. California Management Review. 33, 114 (1991).

Baiyere, A., Salmela, H.: Towards a Unified View of Information System (IS) Capability. In: PACIS 2014 Proceedings (2014).

Bharadwaj, A.: A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation. MIS Quarterly. 24, 169–196 (2000).

MTN Nigeria Communication Ltd v. Barr. Godfrey Nya Eneye, Appeal No: CA/A/689/2013 (Unreported).

Barr`. Ezugwu Emmanuel Anene v. Airtel Nigeria Ltd, Suit No: FCT/HC/CV/545/2015 (Unreported).

Constitution of the Federal Republic of Nigeria 1999 (as amended).

Barr. Ezugwu Emmanuel Anene v. Airtel Nigeria Ltd, Suit No: FCT/HC/CV/545/2015 (Unreported).

Joseph Cannataci, The Individual and Privacy Volume 1, (United Kingdom: Ashgate Publishing, 2015).


  • There are currently no refbacks.









Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.