Purpose: The purpose of the study is to examine the challenges experienced in implementing data protection laws.
Methodology: This study adopted a desktop methodology. This study used secondary data from which include review of existing literature from already published studies and reports that was easily accessed through online journals and libraries.
Findings: The study concludes that monitoring and inspections by the regulatory authority regulatory bodies is not properly done because the regulatory authorities lack the resources to monitor and inspect.
Unique Contribution to Theory, Practice and Policy: The study was anchored on Adaptive Structuration Theory and Absorptive Capacity Theory. The study recommended that personal information processing management framework is required to aid the critical industries in understanding how personal information can be processed in line with the requirements of the Act. The study recommended that a wider variety of enforcement strategies should be used apart from the persuasion and warning letters issued to who do not comply.