What is the Nigeria Data Protection Act (NDPA)?

The Nigeria Data Protection Act (NDPA) is the primary data protection legislation in Nigeria, signed into law in June 2023. It establishes rules for how organisations collect, store, process, and share personal data of Nigerian citizens and residents. It applies to all businesses operating in Nigeria that handle personal data, regardless of size.

Does the NDPA apply to small and medium-sized enterprises (SMEs)?

Yes, the NDPA applies to all organisations that process personal data in Nigeria, including SMEs. There is no exemption based on company size. SMEs that collect customer data, employee records, or any personal information must comply with the NDPA's requirements for data protection.

What are the penalties for non-compliance with the NDPA?

Penalties for NDPA non-compliance can include fines of up to 2% of annual gross revenue or 10 million Naira (whichever is greater) for data controllers, and up to 2% of annual gross revenue or 2 million Naira for data processors. Additional consequences include reputational damage, loss of customer trust, and potential legal action from affected data subjects.

What does the free NDPA compliance guide cover?

The free NDPA compliance guide provides a plain-language breakdown of what the law requires, a 9-area compliance scorecard to assess your current status, a prioritised action tracker to help you address gaps systematically, and practical steps Nigerian SMEs can take to achieve compliance without needing a dedicated legal department.

How can Nigerian SMEs start their NDPA compliance journey?

Nigerian SMEs can start by downloading the free NDPA compliance guide to understand requirements, then using the NDPA compliance scorecard to assess their current compliance level across 9 key areas. From there, they can prioritise actions based on risk level and work through the compliance tracker to address gaps systematically.

🛡 Free Compliance Resource

Nigeria's Data Protection Act: What Every SME Needs to Know in 2026

The plain-language compliance guide built for Nigerian businesses that need to get NDPA compliant, without hiring a legal department.

What’s included in this guide

✓Plain-language breakdown of what the NDPA actually requires

✓What the GAID 2025 adds to the compliance picture

✓9-area compliance scorecard to assess your current position

✓Prioritised action tracker print and work through with your team

✓The enforcement thresholds most SME owners don’t know about

Take A Free Compliance Test

Test your organisation’s readiness against the Nigeria Data Protection Act across 10 compliance areas

in under 10 minutes. Get a personalised risk breakdown and priority actions.

Why Nigerian SMEs can no longer treat NDPA compliance as optional

The NDPC has moved from awareness campaigns to active enforcement of data protection compliance. In 2025 alone, it issued fines exceeding ₦1.3 billion across two organisations. Penalties apply to businesses of every size, and the threshold for being classified as an entity of major importance is lower than most SME owners realise.

The guide covers what the NDPA actually requires, what the GAID 2025 adds to that picture, and what your business needs to do now. It includes a nine-area compliance scorecard you can use to assess your current position, and a prioritised action tracker designed to be printed and worked through with your team.

Whether you are a fintech, a professional services firm, a healthcare provider, or an e-commerce business if you collect customer names, emails, or payment details, the NDPA’s data privacy requirements apply to you. This guide tells you exactly what that means in practice.

Free Download · PDF Guide

Nigeria’s Data Protection Act: What Every SME Needs to Know in 2026

QuotientSec · Includes scorecard + action tracker

01What the NDPA requires, in plain language

02What changed with GAID 2025

03NDPC enforcement: who gets fined and why

049-area compliance scorecard

05What “entity of major importance” means for your business

06Your prioritised action tracker

07When to bring in outside help

Get your free NDPA Compliance Guide (instant download)

What businesses said after working with QuotientSec

★★★★★

“We had no idea our customer data practices put us in scope for NDPA enforcement. The scorecard made it immediately clear where we stood and what to fix first.”

Chidinma A.

COO, Fintech Startup · Lagos

★★★★★

“The guide is practical, not legal jargon. We used the action tracker in a team session and had a compliance roadmap by end of day.”

Emeka O.

MD, Professional Services Firm · Abuja

★★★★★

“I expected another generic compliance checklist. This actually explains the regulatory context specific to Nigeria. Nothing else I’ve seen covers Nigeria this specifically.”

Adaeze N.

Head of Operations, E-commerce · Port Harcourt

Nigeria's Data Protection Act: What Every SME Needs to Know in 2026

Take A Free Compliance Test

Why Nigerian SMEs can no longer treat NDPA compliance as optional

Get your free NDPA Compliance Guide (instant download)

Fill the form below to get the NDPA Guide for SMEs