This law creates a comprehensive legal framework for personal data protection in Nigeria, establishing the Nigeria Data Protection Commission to regulate data controllers and processors, whether located within or outside the country. It outlines lawful grounds for data processing such as consent and legal obligations—while codifying data-subject rights, including access, correction, and erasure of personal information. Provisions address security measures, mandatory breach notifications, and cross-border data transfers, ensuring that foreign jurisdictions provide adequate safeguards. The Act grants enforcement powers to the Commission, including the imposition of fines and penalties, with the overarching objective of protecting individual privacy and encouraging trust in Nigeria’s digital ecosystem.