Home » Nigeria » Section 34 Nigeria Data Protection Act 2023

Section 34 Nigeria Data Protection Act 2023

Section 34 Nigeria Data Protection Act 2023

Section 34 of the Nigeria Data Protection Act 2023 is about Rights of a data subject. It is under Part VI (Rights of a Data Subject) of the Act.

(1) A data subject has the right to obtain from a data controller, without constraint or unreasonable delay —
(a) confirmation as to whether the data controller or a data processor operating on its behalf, is storing or otherwise processing personal data relating to the data subject, and where that is the case —
(i) the purposes of the processing,
(ii) the categories of personal data concerned,

(iii) the recipients or categories of recipient to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organisations,

(iv) where possible, the period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,

(v) the existence of the right to request from the data controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject or to object to such processing,

(vi) the right to lodge a complaint with the Commission,
(vii) where the personal data is not collected from the data subject, any available information as to their source, and
(viii) the existence of automated decision-making, including profiling, the significance and envisaged consequences for the data subject ;

(b) a copy of data subject’s personal data in a commonly used electronic format, except to the extent that providing such data would impose unreasonable costs on the data controller, in which case the data subject
may be required by the data controller to bear some or all of such costs ;

See also  Second Schedule of the Nigerian Constitution 1999 (Updated)

(c) the correction or, if correction is not feasible or suitable, deletion of the data subject’s personal data that is inaccurate, out of date, incomplete, or misleading ;
(d) the erasure of personal data concerning the data subject, without undue delay ; and
(e) restriction of data processing pending —
(i) the resolution of a request,
(ii) objection by the data subject under this Act, or
(iii) the establishment, exercise, or defense of legal claims.

(2) A data controller shall erase personal data without undue delay, where —
(a) the personal data is no longer necessary, in relation to the purposes for which it was collected or processed, or
(b) the data controller has no other lawful basis to retain the personal data.

Related Posts:

More Posts

Facebook
Twitter
LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

LawGlobal Hub
LawGlobal Hub is your innovative global resource of law and more. We ensure easy accessibility to the laws of countries around the world, among others
Facebook Linkedin