Section 48 Nigeria Data Protection Act 2023
Section 48 of the Nigeria Data Protection Act 2023 is about Enforcement orders. It is under Part X (Enforcement) of the Act.
(1) Notwithstanding any criminal sanctions under this Act, if the Commission, after completing an investigation under section 46 of this Act, is satisfied that a data controller or data processor has violated any provision of this Act or subsidiary legislation made under this Act, it —
(a) may make any appropriate enforcement order or impose a sanction on the data controller or data processor; and
(b) shall inform the data controller or data processor, and if applicable, any data subject who lodged a complaint leading to the investigation, in writing of its decision.
(2) An enforcement order made or sanction imposed under subsection (1) shall include —
(a) requiring the data controller or data processor to remedy the violation;
(b) ordering the data controller or data processor to pay compensation to a data subject, who has suffered injury, loss, or harm as a result of a violation;
(c) ordering the data controller or data processor to account for the profits realised from the violation; or
(d) ordering the data controller or data processor to pay a penalty or remedial fee.
(3) A penalty or remedial fee under subsection (2)(d) may be an amount up to the —
(a) higher maximum amount, in the case of a data controller or data processor of major importance; or
(b) standard maximum amount, in the case of a data controller or data processor not of major importance.
(4) The “higher maximum amount” shall be the greater of —
(a) N10,000,000, and
(b) 2% of its annual gross revenue in the preceding financial year.
(5) The “standard maximum amount” shall be the greater of —
(a) N2,000,000, and
(b) 2% of its annual gross revenue in the preceding financial year.
(6) The Commission shall, in determining the sanctions, take into consideration the —
(a) nature, gravity, and duration of the infringement;
(b) purpose of the processing;
(c) number of data subjects involved;
(d) level of damage and damage mitigation measures implemented;
(e) intent or negligence;
(f) degree of cooperation with the Commission; and
(g) types of personal data involved.