Skip to main content
← Back to Blog
Nigeria

GeraCompliance in Nigeria 2026 — NDPA, NDPR, NITDA guidance for Nigerian SaaS, e-commerce and fintech

Published 21 April 2026 · 9 min read

Quick answer: GeraCompliance maps your product to Nigerian data-protection duties. The Nigeria Data Protection Act 2023 (NDPA) plus the older Nigeria Data Protection Regulation (NDPR 2019) are the main frameworks, with the Nigeria Data Protection Commission (NDPC) as regulator. NITDA also regulates digital-service providers. We generate NDPA-aligned privacy notices, DPO-appointment templates, DPIA worksheets and audit-register exports. Pricing in naira via useCountry(); pay via Paystack, Flutterwave, Opay or bank transfer.

NDPA, NDPR and who regulates what

The Nigeria Data Protection Act 2023 is the primary data-protection law. It established the Nigeria Data Protection Commission (NDPC) as an independent regulator, replacing NITDA's earlier role. The NDPR 2019 still applies where it complements the Act. NITDA continues to regulate information-technology development more broadly. For financial-services data, the CBN also has its own data-residency and reporting rules. For health data, NHIA and the National Health Act apply.

Who must register as a Data Controller of Major Importance (DCMI)

Under NDPA, large processors (by volume of data subjects or sensitivity) must register with NDPC as Data Controllers of Major Importance. The trigger thresholds have been clarified via NDPC guidance in 2024–2025. GeraCompliance includes the decision tree and generates the registration pack.

DPO appointment

NDPA requires DPOs for specified categories of controller. Our template covers scope, reporting line, conflict-of-interest declaration and published contact point. For smaller businesses, an outsourced DPO-as-a-service is permitted.

Cross-border transfers

Transferring personal data out of Nigeria requires an approved mechanism: adequacy (limited country list), binding corporate rules, standard contractual clauses (SCCs) per NDPC template, or explicit data-subject consent. Our transfer register handles this.

Pricing in naira

Starter ₦9,500/month (up to 1,000 data subjects, self-serve). Business ₦35,000/month (up to 50,000, with a human NDPC-liaison review). Enterprise custom. Prices via useCountry().

Payments

Paystack, Flutterwave, Opay, Palmpay, Visa/Mastercard/Verve, NIBSS bank transfer. Invoicing in naira with VAT (7.5%) applied correctly.

How we compare

The big global names (OneTrust, Securiti) are expensive and not tuned for Nigerian regulators. Local law firms bill by the hour. Our position: operational tooling at SaaS pricing, with legal-review services bolted on when you need them.

Related reading

Pidgin-English version of this guide is on the roadmap — tell us if you want it sooner.

Get NDPA-ready in a week

Privacy notices, DPO templates, DPIA worksheets. Paystack, Flutterwave.

Start compliance