other means, including, where appropriate, by electronic means. When
requested by the Data Subject, the information may be provided orally, provided
that the identity of the Data Subject is proven by other means.
(2) If the Controller does not act on the request of the Data Subject, the Controller
shall inform the Data Subject without delay and at the latest within one month of
receipt of the request of the reasons for not taking action and on the possibility of
lodging a complaint with a supervisory authority.
(3) Except as otherwise provided by any public policy or Regulation, information
provided to the Data Subject and any communication and any actions taken shall
be provided free of charge. Where requests from a Data Subject are manifestly
unfounded or excessive, in particular because of their repetitive character, the
controller may either:
a) Charge a reasonable fee considering the administrative costs of providing
the information or communication or taking the action requested; or,
b) Write a letter to the Data Subject stating refusal act on the request and
copy The Agency on every such occasion through a dedicated channel
which shall be provided for such purpose.
(4) The Controller shall bear the burden of demonstrating the manifestly unfounded
or excessive character of the request.
(5) Where the Controller has reasonable doubts concerning the identity of the
natural person making the request for information, the Controller may request the
provision of additional information necessary to confirm the identity of the Data
Subject.
(6) The information to be provided to Data Subject may be provided in combination
with standardized icons in order to give in an easily visible, intelligible and clearly
legible manner a meaningful overview of the intended processing. Where the
icons are presented electronically, they shall be machine-readable.
(7) Prior to collecting Personal Data from a Data Subject, the Controller shall provide
the Data Subject with all the following information:
a) the identity and the contact details of the Controller;
b) the contact details of the Data Protection Officer;
c) the purpose(s) of the processing for which the Personal Data are intended as
well as the legal basis for the processing;
14
NIGERIA DATA PROTECTION REGULATION