In this Act —
Applicable Law
“applicable law” means any law enacted by the National Assembly or House of Assembly of any State in Nigeria ;
Automated Decision-Making
“automated decision-making” means a decision based solely on automated processing by automated means, without any human involvement ;
Binding Corporate Rules
“binding corporate rules” means personal data protection policies and procedures adhered to by the members of a group of firms under common control with respect to the transfer of personal data among such members and containing provisions for the protection of such personal data ;
Biometric Data
“biometric data” means personal data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of an individual, which allow or confirm the unique identification of that individual, including without limitation by physical measurements, facial images, blood typing, fingerprinting, retinal scanning, voice recognition and deoxyribonucleic acid (DNA) analysis ;
Certification Mechanism
“certification mechanism” means certification by an official or professional third-party entity that evaluates the personal data protection policies and procedures of data controllers and data processors according to best practices ;
Child
“child” has the meaning ascribed in the Child’s Right Act, No. 26, 2003 ;
Commission
“Commission” means the Nigeria Data Protection Commission established under this Act ;
Competent Authority
“competent authority” includes —
(a) the Government of the Federal Republic of Nigeria or any foreign government ; or
(b) any state government, statutory authority, government authority, institution, agency, department, board, commission, or organisation within or outside Nigeria, exercising executive, legislative, judicial, investigative, regulatory, or administrative functions ;
Consent
“consent” means any freely given, specific, informed, and unambiguous indication, whether by a written or oral statement or an affirmative action, of an individual’s agreement to the processing of personal data relating to him or to another individual on whose behalf he has the permission to provide such consent ;
Council
“Council” means the Governing Council of the Commission established under this Act ;
Court
“court” means any court of competent jurisdiction ;
Data Controller
“data controller” means an individual, private entity, public Commission, agency or any other body who, alone or jointly with others, determines the purposes and means of processing of personal data ;
Data Controller or Data Processor of Major Importance
“data controller or data processor of major importance” means a data controller or data processor that is domiciled, resident in, or operating in Nigeria and processes or intends to process personal data of more than such number of data subjects who are within Nigeria, as the Commission may prescribe, or such other class of data controller or data processor that is processing personal data of particular value or significance to the economy, society or security of Nigeria as the Commission may des...
Data Processor
“data processor” means an individual, private entity, public authority, or any other body, who processes personal data on behalf of or at the direction of a data controller or another data processor ;
Data Subject
“data subject” means an individual to whom personal data relates ;
Minister
“Minister” means the Minister responsible for matters relating to communications and digital economy ;
National Commissioner
“National Commissioner” means the National Commissioner of the Nigeria Data Protection Commission ;
Personal Data
“personal data” means any information relating to an individual, who can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social, or economic identity of that individual ;
Personal Data Breach
“personal data breach” means a breach of security of a data controller or data processor leading to or likely to lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed ;
President
“President” means the President of the Federal Republic of Nigeria ;
Processing
“processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction and does not include the mere transit of data originating outside Nigeria ;
Pseudonymisation
“pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person ;
Sensitive Personal Data
“sensitive personal data” means personal data relating to an individual’s —
(a) genetic and biometric data, for the purpose of uniquely identifying a natural person,
(b) race or ethnic origin,
(c) religious or similar beliefs, such as those reflecting conscience or philosophy,
(d) health status,
(e) sex life,
(f ) political opinions or affiliations,
(g) trade union memberships, or
(h) other information prescribed by the Commission, as sensitive personal data under Section...
Social Security Laws
“social security laws” means “the Employee Compensation Act, Pension Reform Act, National Health Insurance Authority Act, National Housing Fund Act, Nigeria Social Insurance Trust Fund Act, Industrial Trust Fund Act or any other similar law