The legal obligations of companies regarding the reporting of data breaches vary depending on the jurisdiction and the specific laws that apply. However, most data protection regulations require organizations to report data breaches promptly and transparently. A data breach occurs when the data under an organization’s control suffers a security incident that results in a breach of the confidentiality, availability, or integrity of such data- including personal data.
In Nigeria, the legal obligations regarding the reporting of data breaches are primarily governed by the Nigerian Data Protection Act, 2023 (“NDPA” or “Act”), which was signed into law on 12th June 2023.The Act lays out rules for how businesses must respond to data breaches, including how to notify impacted parties and government agencies.