Table of Contents

JAMB Issues Stern Warning to CBT Centres Over Illegal Retention of UTME Candidates’ Data

All computer-based test (CBT) centers in Nigeria have received a strong warning from the Joint Admissions and Matriculation Board (JAMB), which forbids them from keeping or copying the personal information of applicants who registered for or took the Unified Tertiary Matriculation Examination (UTME).

The purpose of this directive, which was announced in an official statement, is to guarantee adherence to Nigeria’s data protection laws.

“All computer-based test (CBT) centers and their operators are advised against copying or keeping the data of candidates who registered for the Unified Tertiary Matriculation Examination (UTME) or those who took exams at their centers in order to avoid prosecution for violating the provisions set forth by the Nigeria Data Protection Commission (NDPC).”

“It is against data protection rules to possess candidate data without authorization. Since ignorance of the law is not an excuse, any center caught in possession of such data will face legal action, according to JAMB.

According to the test authority, the announcement is a last warning to all CBT centers, reminding them of their responsibilities under Nigerian data protection rules and cautioning them against any misuse of data.

The Data Protection Act of Nigeria

The Nigeria Data Protection Act—General Application and Implementation Directive (NDP Act-GAID), which was introduced by NDPC, offers thorough instructions to assist data controllers and processors in adhering to the legislation. There will be a six-month transition time for companies before the full implementation of this rule begins in September 2025.

Important topics like data protection principles, legal justifications for data processing, data subjects’ rights, cross-border data transfers, compliance audit reports, and standardized grievance redress procedures are all covered by the directive, which will be accessible on the NDPC portal.

Furthermore, the NDPC established the Standard Notice to Address Grievance (SNAG), a procedure that enables people to request corrective action from data controllers and processors directly without first contacting the commission.

This would enable more than 230 million Nigerians to actively participate in the enforcement of data privacy regulations, according to Dr. Vincent Olatunji, National Commissioner and Chief Executive Officer of the NDPC.

Things you should be aware of

Through the NDPC, Nigeria has been fortifying its data protection framework, particularly in industries like education that deal with substantial amounts of private, sensitive data.

More than 1,000 investigations were carried out by the NDPC in a variety of industries, including digital lending platforms and finance. By June 2024, the commission had sanctioned seven corporations for a total of nearly N400 million in data breaches.

In May 2025, the NDPC and Mastercard signed a Memorandum of Understanding to expand Nigeria’s data protection framework and upskill data protection specialists, therefore increasing the country’s capacity to secure data.