Home » Nigeria » Section 24 Nigeria Data Protection Act 2023

Section 24 Nigeria Data Protection Act 2023

Section 24 Nigeria Data Protection Act 2023

Section 24 of the Nigeria Data Protection Act 2023 is about Principles of personal data processing. It is under Part V (Principles and Lawful Basis Governing Processing of Personal Data) of the Act.

(1) A data controller or data processor shall ensure that personal data is —
(a) processed in a fair, lawful and transparent manner ;
(b) collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible with these purposes ;

(c) adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data was collected or further processed ;
(d) retained for not longer than is necessary to achieve the lawful bases for which the personal data was collected or further processed ;

(e) accurate, complete, not misleading, and, where necessary, kept up to date having regard to the purposes for which the personal data is collected or is further processed ; and
(f) processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, access, loss, destruction, damage, or any form of data breach.

(2) A data controller and data processor shall use appropriate technical and organisational measures to ensure confidentiality, integrity, and availability of personal data.

(3) Notwithstanding anything to the contrary in this Act or any other law, a data controller or data processor owes a duty of care, in respect of data processing, and shall demonstrate accountability, in respect of the principles contained in this Act.

(4) For the purposes of subsection (1) (b) —
(a) compatibility of further processing shall be assessed considering —
(i) the relationship between the original purpose and the purpose of the intended further processing,
(ii) the nature of the personal data concerned,

See also  Section 24 EFCC Act 2004: Property subject to forfeiture

(iii) the consequences of further processing,
(iv) how the personal data has been collected, and
(v) the existence of appropriate safeguards ; and

(b) further processing for archiving purposes in the public interest, scientific, historical research purposes, or statistical purposes shall not be considered to be incompatible with the initial purposes.

Related Posts:

More Posts

Facebook
Twitter
LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

LawGlobal Hub
LawGlobal Hub is your innovative global resource of law and more. We ensure easy accessibility to the laws of countries around the world, among others
Facebook Linkedin