The Nigerian Data Protection Regulation("NDPR" or "Regulation") 2 was introduced by the National Information Technology Development Agency ("NITDA" or "Agency") to safeguard, regulate and protect against personal data breaches and also ensure Nigerian businesses remain competitive in international trade. 3 Since the introduction of the Regulation, organisations that process personal data have had to make necessary adjustments to the way personal data are collected and processed to ensure conformity with the requirements stipulated in the NDPR. The scope of the Regulation is broad as it applies to all kinds of transactions including transactions that involve employees intended for data processing. 5 The Regulation extends to