Yes, No or Maybe? The Dos and Don’ts, and Importance of Consent in Data Processing and Protection By Similoluwa Opayemi

Introduction

Most data protection legislation includes consent as one of the lawful bases for processing the information of a data subject. Other bases include the performance of a contract, a legitimate interest, a vital interest, a legal requirement and public interest.

What is Consent?

According to the Merriam-Webster Dictionary, consent can be an output or an action. Consent as a noun means “agreement as to action or opinion”, while consent as a verb means “to give assent or approval”.

The Relevance of Consent in Data Protection Framework

From the onset of modern civilization, privacy has always been an important and sacrosanct concept across various societies. The right to privacy is recognized and protected by most constitutions and considered a fundamental human right.

The 2018 Nigerian Data Protection Regulation and the 2020 Data Protection Bill on Consent

The extant Nigerian Data Protection Regulation stipulates that the “data controller is under obligation to ensure that consent of a Data Subject has been obtained without fraud, coercion or undue influence” where consent is the basis for data processing.

  1. The consent must be communicated freely and clearly by an affirmative statement either in writing or orally;
  2. Silence and inactivity cannot be considered as consent;
  3. The data subject must be informed of their right to withdraw consent; and
  4. If a data subject withdraws consent, it does not affect the lawfulness of data processing before the withdrawal.

Protect Yourself

Collecting and processing consumers’ data is a focus of the world’s regulators. This is unsurprising considering that five of the world’s six largest companies (Apple, Microsoft, Amazon, Google and Facebook) deal in and profit from processing the data of their consumers. Recall that they have all been visited by queries and fines in recent times.

Practical Tips to Properly Obtain Consent

Given the provision of the regulations and the draft bill, the following are recommended to ensure consent is properly obtained for lawful data processing:

  • As a good record practice, consent should be in writing;
  • Consent forms should avoid pre-ticked options and should be in plain readable language;
  • Consent must be attached to a specific purpose or processing activity;
  • Consent must be voluntary and on an “opt-in” basis;
  • The data subject should be informed of their right to withdraw consent at any stage;
  • The data controller should keep a log of consent, related/surrounding information and withdrawals;
  • The data controller should update consent procedures and notify affected parties of changes in the laws and procedures on consent.
