@Article{jcs.2025.069185,
AUTHOR = {Asere Gbenga Femi, Monday Osagie Adenomon, Gilbert Imuetinyan Osaze Aimufua, Umar Ibrahim},
TITLE = {Evaluating the Level of Compliance with the Nigeria Data Protection Regulation (NDPR): Insights from Organizations across Key Sectors},
JOURNAL = {Journal of Cyber Security},
VOLUME = {7},
YEAR = {2025},
NUMBER = {1},
PAGES = {377--394},
URL = {http://www.techscience.com/JCS/v7n1/64012},
ISSN = {2579-0064},
ABSTRACT = {Effective data protection frameworks are vital for safeguarding personal information, fostering digital trust, and ensuring alignment with global standards. In Nigeria, the Nigeria Data Protection Regulation (NDPR), administered by the National Information Technology Development Agency (NITDA), constitutes the nation’s primary privacy framework, harmonized with principles of the European Union’s GDPR. This study evaluates NDPR compliance across six strategic sectors; finance, telecommunications, education, health, Small and Medium-sized Enterprises (SMEs), and the public sector using a mixed-methods design. Data from 615 respondents in 30 organizations were collected through surveys, interviews, and document analysis. Findings reveal notable sectoral disparities: finance and telecommunications demonstrate high compliance due to regulatory pressure and strong technical capacity, while SMEs and public institutions exhibit lower adherence. Compliance, monitoring, and awareness were assessed against NDPR benchmarks, including lawful processing, consent protocols, and breach response procedures. Regression results indicate that NDPR compliance, staff training, and cybersecurity investment significantly predict enhanced cybersecurity outcomes, though perfect correlations raise concerns about instrument validity. Weak enforcement, with limited penalties or legal actions, undermines the regulation’s deterrent effect. Drawing on Institutional and Deterrence Theories, the study identifies legal and structural gaps in the NDPR and proposes reforms, stronger oversight, and sector-specific interventions. These findings contribute to debates on regulatory effectiveness and offer actionable strategies for improving data governance and cybersecurity resilience in Nigeria.},
DOI = {10.32604/jcs.2025.069185}
}