Civil society organisations collects a lot of personal data such as names, addresses, emails, telephone numbers, website addresses, social media handles and posts. These data are mostly collected from beneficiaries, staff, volunteers, donors, vendors, board and individuals who are only interested in receiving information (newsletters) about what your organisation does.


In developing the Nigeria Data Protection Regulation (NDPR), it is clear that the regulators were not thinking about nonprofits, their primary target seem to be companies in the business of collecting data however a further analysis of the broad scope of the rules capture almost any organisation who touches or processes data.


When linked with the European Union General Data Protection Regulation (GDPR) which by extension have implications for the work of nonprofits. The GDPR defines personal data as “any information relating to an identified or identifiable natural person”. It applies to any organisation that collects the data of EU residents, irrespective of whether payment is required.


Download the document here