Country Annex - Nigeria
This annex applies where Jamborow processes personal data of Nigerian residents, operates in Nigeria, partners with Nigerian entities or supports Nigerian financial inclusion services.
Key framework: Nigeria Data Protection Act 2023, Nigeria Data Protection Commission guidance, CBN requirements where banking, payment, microfinance, mobile money, lending or fintech activity is involved, FCCPC consumer protection expectations, AML/CFT and sanctions obligations, cybercrime and electronic transaction rules.
Jamborow should identify whether it acts as data controller, processor or joint controller in each Nigerian product. Privacy notices should describe purposes, lawful bases, rights, transfers, retention, complaints to the NDPC and contact details.
For microfinance bank, lending, wallet or payment activity, Jamborow should confirm whether services are provided through a licensed bank, microfinance bank, mobile money operator, payment service bank, payment solution provider or other regulated entity. Marketing must not imply CBN authorisation unless such authorisation exists.
For BVN, NIN, identity verification, credit assessment and AML/KYC processing, Jamborow should apply enhanced security, lawful basis assessment, data minimisation, consent where required, retention controls and documented partner arrangements.