Assessing The Impact Of The EU General Data Protection Regulation (GDPR) On Businesses In Nigeria

Abstract

In Europe, processing of personal data and the free movement of such data is currently governed by the 1995 European Directive (95/46/EC) (the Directive). Effective May 25, 2018, the Directive will be replaced by the General Data Protection Regulation (GDPR) which will be directly applicable throughout the EU without requiring implementation by the EU Member States. The purpose of this is to increase the legal certainty, reduce administrative burden and cost of compliance for businesses that are active in multiple EU Member States, and enhance consumer confidence in the single digital marketplace. Importantly, the GDPR carries extra-territorial effect that will impact on the activities of businesses based outside the EU. The GDPR is set to become the benchmark for data protection with non compliance limiting the ability of a company to market or sell products or services online or offline in the EU, partner with an EU organisation, or access funding from an EU based investor. This brief summarises the scope, extra territorial effect, and the practical significance of the GDPR for bussinesses in Nigeria.