The second part of the General Application and Implementation Directive 2025 (GAID) analysis shifts focus from the foundational and institutional framework of Nigeria’s data protection, established in Series 1, to the practical, operational duties required for compliance. This transition moves…
Oct 17, 2025
TMT TEAM
The second part of the General Application and Implementation Directive 2025 (GAID)
analysis shifts focus from the foundational and institutional framework of Nigeria’s
data protection, established in Series 1, to the practical, operational duties required for
compliance. This transition moves from examining who is involved to analysing how they
must function in practice.
The Series 1 thoroughly examined the institutional framework of the GAID, including the
foundational roles of the Nigeria Data Protection Commission (NDPC), Data Protection
Officers (DPOs), and various sectoral regulators.
This Series 2 will address how these frameworks translate into tangible, daily compliance
expectations for data controllers and processors. It underscores a fundamental principle
of the Nigeria Data Protection Act (NDPA): Emphasizing that compliance under the GAID
is an ongoing operational duty, not a one-off certification exercise
