This Policy Brief examines the existing data protection regime both in Nigeria and globally and suggests ways to improve the data protection efforts in Nigeria. It considers Nigeria’s principal data protection laws, generally applicable across all sectors (including public and private institutions). By examining and juxtaposing some of the exemptions in legislation, an opportunity for abuse of data subjects’ rights may have been inadvertently created by laws that were enacted to do otherwise. This Policy Brief proffers preferable outcomes that may guide engagement with policymakers to rectify this situation.