Right to Data Portability Explained: How to Move Your Personal Data Between Services
Share
This article is part of our Data Subject Rights series, explaining individual rights under NDPA, GDPR, and global data protection laws.
In todays digital world, your personal data is often locked inside platforms or services, making it difficult to switch providers or maintain control over your information. The Right to Data Portability empowers you to take your personal data from one organization and move it to another — safely, efficiently, and in a usable format. This right promotes competition, transparency, and user control, allowing individuals to truly own their data rather than being bound to a single service provider.
In this guide, we explain what data portability is, how it works under the Nigeria Data Protection Act (NDPA) and the General Data Protection Regulation (GDPR), when it applies, practical steps to exercise it, and real-world examples. We also include tables, FAQs, and actionable tips to help you maximize your rights.
What Is the Right to Data Portability?
The Right to Data Portability gives you the ability to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another data controller without hindrance. Unlike a simple data export, portability ensures that your data remains interoperable and actionable across platforms.
This right is particularly important in:
- Social media accounts
- Financial and fintech platforms
- Health records systems
- Cloud services and email providers
It promotes digital autonomy by preventing vendor lock-in and enabling users to switch services freely.
Legal Basis Under GDPR and NDPA
GDPR
Under Article 20 GDPR, the right applies when:
- The processing is based on consent or a contract.
- The processing is carried out by automated means.
Individuals can request:
- Direct transmission of data to another controller, where technically feasible
- A copy of their data in a structured and machine-readable format (e.g., CSV, JSON, XML)
This right complements other data protection rights by ensuring control, portability, and interoperability. (gdprinfo.eu)
NDPA (Nigeria)
The Nigeria Data Protection Act similarly supports the right to request your personal data in a structured format for transfer to another service provider. NDPA emphasizes:
- Transparency of data formats
- Accessibility of data without undue delay
- Free provision unless requests are excessive or unfounded
Organizations are required to facilitate such transfers while protecting security and privacy. (ndpc.gov.ng)
When Can You Exercise Data Portability?
| Condition | Explanation |
|---|---|
| Consent-Based Processing | You have given explicit consent for data collection and processing. |
| Contractual Relationship | Data processing is necessary to fulfill a contract (e.g., banking, subscriptions). |
| Automated Processing | Data must be electronically stored and processed to enable portability. |
| No Harm to Others | Requests should not infringe on the rights of third parties. |
How Data Portability Works in Practice
- Identify Your Data – Determine which data you want to transfer (e.g., transaction history, contacts, messages, medical records).
- Submit a Portability Request – Use official channels such as privacy portals, email, or designated forms.
- Data Format – Request your data in a structured, commonly used, machine-readable format.
- Direct Transfer – Where feasible, request that the data be transmitted directly to the new service provider.
- Confirmation – Ensure you receive confirmation of the request and the completed transfer.
Organizations typically have one month to respond, extendable by two months in complex cases.
Real-World Examples
Example 1 — Switching Cloud Services
A user wants to move their documents and photos from one cloud storage provider to another. They request a data export in JSON/CSV format and submit it to the new provider for direct import.
Example 2 — Banking Data Transfer
A customer decides to switch banks. They request a copy of all financial transactions and account details in machine-readable format. The new bank imports the data to maintain continuity.
Example 3 — Health Records Portability
A patient moves to a new healthcare provider. They request electronic health records, including lab results and prescriptions, to be securely transferred to the new system.
Example 4 — Social Media Migration
A user wants to switch social networks. They request their posts, messages, and contacts in a structured format to import into the new platform.
Benefits of Exercising Data Portability
| Benefit | Description |
|---|---|
| Consumer Empowerment | Users control their data and reduce vendor lock-in. |
| Competition | Encourages service providers to improve offerings. |
| Data Continuity | Enables seamless transitions without losing critical information. |
| Transparency | Organizations must maintain clear and interoperable data practices. |
How to Submit an Effective Portability Request
- Identify the scope – Specify exactly which personal data and formats you need.
- Use official channels – Privacy portals, email, or NDPA-compliant forms.
- Reference legal basis – Cite GDPR Article 20 or relevant NDPA provisions.
- Request direct transfer – Where technically feasible, ask the current provider to send data to the new one.
- Keep records – Save correspondence and confirmations for accountability.
What Organizations Must Do
- Provide data in a structured, commonly used, machine-readable format
- Facilitate direct transfer to another controller, if feasible
- Respond without undue delay, typically within one month
- Ensure security and confidentiality during the transfer process
Non-compliance can result in regulatory enforcement and reputational damage.
Frequently Asked Questions (FAQs)
Q1. Can all personal data be ported?
Only data you provided directly and processed by automated means. Data inferred or derived by the organization may not be included.
Q2. Is this right free?
Yes, unless requests are excessive or unfounded.
Q3. How long does it take?
Organizations generally have one month to respond, with possible two-month extension for complex cases.
Q4. Does NDPA support direct transfers?
Yes. NDPA allows direct data transfers to another service provider where technically feasible. (ndpc.gov.ng)
Final Thoughts
The Right to Data Portability is a cornerstone of digital autonomy, enabling individuals to maintain control, ensure continuity, and foster competition among service providers. By understanding and exercising this right under the NDPA or GDPR, users can move their data safely and efficiently without losing access to critical services.
This right transforms personal data from a passive commodity into a transferable asset, giving you control over how and where your information is used. Whether switching cloud storage, banks, healthcare providers, or social platforms, data portability ensures that your digital life remains flexible, secure, and under your control.
Leave a Reply