A data controller or data processor shall not transfer or permit personal data to be transferred from Nigeria to another country, unless —

(a) the recipient of the personal data is subject to a law, binding corporate rules, contractual clauses, code of conduct, or certification mechanism that affords an adequate level of protection with respect to the personal data in accordance with this Act; or

(b) one of the conditions set out in Section 043 of this Act applies.