The Joint Admissions and Matriculation Board (JAMB) has issued a strict directive to all Computer-Based Test (CBT) centres across Nigeria: do not copy, store, or retain candidates' personal data—or face the legal consequences.

In a statement released by the board, JAMB warned that any centre found in possession of personal data from Unified Tertiary Matriculation Examination (UTME) candidates—whether during registration or post-examination—will be prosecuted under Nigeria’s data protection laws.

“Possessing candidates’ data without proper authorisation is a clear violation of the law. Centres must steer clear of retaining or replicating any such data. This is your final warning—ignorance is no excuse,” JAMB stated emphatically.

The directive aligns with the growing enforcement of Nigeria’s data protection regime, overseen by the Nigeria Data Protection Commission (NDPC).

Data Protection Crackdown: What You Need to Know

In a bid to tighten data governance nationwide, the NDPC recently unveiled the Nigeria Data Protection Act – General Application and Implementation Directive (NDP Act-GAID). The directive lays out robust, actionable guidelines for all data handlers—including CBT centres—to align with national law.

Full implementation begins September 2025, following a six-month transition period. The NDPC’s directive outlines key areas including:

• Core principles of data protection

• Lawful grounds for data processing

• Rights of data subjects

• Cross-border data transfers

• Compliance audits

• Standard grievance redress mechanisms

As part of this framework, the NDPC introduced the Standard Notice to Address Grievance (SNAG)—a powerful tool that allows Nigerians to directly seek redress from data controllers or processors without first lodging a complaint with the Commission.

Empowering Millions, Enforcing Accountability

According to Dr. Vincent Olatunji, the National Commissioner and CEO of the NDPC, the new policies are designed to empower Nigeria’s over 230 million citizens to take ownership of their digital rights.

The Commission has already made waves: by June 2024, it had concluded over 1,000 investigations across sectors like finance and digital lending. It also imposed over ₦400 million in fines on seven companies found guilty of data breaches.

To further scale its efforts, the NDPC signed a landmark Memorandum of Understanding with Mastercard in May 2025, aimed at strengthening Nigeria’s data protection infrastructure and training professionals to uphold it.

Why It Matters

As the nation pushes deeper into the digital age, sectors like education—where sensitive personal information is routinely collected—are under the microscope. The latest moves by JAMB and the NDPC send a clear message: data misuse will not be tolerated.

For CBT centres, the takeaway is simple: secure the data, follow the law, or prepare for serious legal consequences.