How will Nigeria's new data laws impact companies?

​​​​​​
Our online activities generate vast data volumes. Every moment we spend interacting, exchanging messages, searching for information, or looking for love translates into data on the platforms, websites and apps we use.

A case in point is WhatsApp; users exchange 100 billion messages daily. That’s almost 1.2 million messages each second. Two billion monthly active users will get you this information magnitude. At the same time, this example gives us a good sense of the massive scale of data we create as we live and work in the digital economy. 

Digital platforms, apps, websites and computing devices from startups, big technology companies and non-digital native companies process all these customer data to identify commercial opportunities. As they do this, they tend to overreach and violate an individual’s right to privacy—a fundamental human right. As Murphy’s Law goes, “Whatever can go wrong will go wrong.”

You can’t even blame these companies—which we can group as data controllers and processors because they can access and process users' data. With all the data at their fingertips, using it without respect for privacy becomes tempting. That’s why laws and regulations are essential to incentivise good behaviour (i.e. respecting data privacy) and deter the opposite.

Since 1970 when a region in Germany passed what can be said to be the first data protection laws, over 137 countries globally now have some form of data protection legislation. Germany is also a part of the European Union (EU), which released the General Data Protection Regulations (GDPR) in 2018, hailed as the most comprehensive data protection law globally. The GDPR also inspired similar laws in other jurisdictions like Nigeria, Brazil and even the State of California in the USA.

In 2019, Nigeria published the Nigeria