ANAOCHA BAR JOURNAL

This paper provides an analysis of corporate obligations in safeguarding personal data under the Nigeria Data Protection Act 2023, focusing on the duties of data controllers and processors, the regulatory significance of Data Controllers and Processors of Major Importance (DCPMIs), and the framework governing the management of data breaches. The study evaluates the nature of corporate liability, including preventive, procedural, and remedial obligations. A doctrinal research methodology was employed, drawing on statutory provisions, regulatory guidelines, and relevant judicial decisions. The paper contends that the NDPA 2023 establishes a comprehensive, risk-based regime that promotes corporate accountability, emphasizing principles such as lawfulness, data minimisation, integrity, confidentiality, and accountability, while also introducing timely breach reporting requirements and administrative sanctions. Nevertheless, certain ambiguities persist, particularly regarding notification timelines for data subjects, and the handling of multiple concurrent violations, which could complicate consistent enforcement. The study recommends that organizations implement strong technical and organizational safeguards, perform regular Data Protection Impact Assessments (DPIAs), and conduct structured compliance audits to ensure statutory adherence. Additionally, it recommends that regulatory authorities offer more detailed guidance on multi-violation penalties and streamline notification procedures to improve predictability and enforcement effectiveness.