The Nation Newspaper

Tag: NDPC

  • Nigeria data protection ecosystem hits N16.2 billion in value within three years 

    Nigeria data protection ecosystem hits N16.2 billion in value within three years 

    The National Commissioner and CEO of the Nigeria Data Protection Commission (NDPC), Dr Vincent Olatunji, said on Wednesday that Nigeria is now a global player as the country’s Data Protection and Privacy ecosystem now peaked at about 16.2 billion naira in value. 

    Dr Olatunji attributed the feat to pragmatic steps taken by the leadership of the Commission following the signing into law of the Data Privacy and Protection Act by President Bola Tinubu in June 2023.

    The NDPC boss said in less than four years the NDPC has transformed into a global institutions with no fewer than 12 countries understudying its ecosystem, while some institutions had signed Memorandum of Understanding (MoU) with NDPC on how to replicate the Commission’s achievements in their country. 

    Speaking during the opening ceremony of the 2026 Data Protection and Privacy Summit at the Transcorp Hotel, Abuja on Wednesday, Dr Olatunji praised President Bola Tinubu and the Minister of Communications, Innovations and Digital Economy, Dr Bosun Tijani for the transformations taking place in the sector. 

    He announced that besides the on going massive awareness campaigns embarked upon by the NDPC under his leadership, the Commission has been able to ensure the conclusion of investigations on 246 data privacy breaches by various institutions in the country. 

    Olatunji said while appropriate sanctions and remediation mechanisms have been meted out, no fewer than 23,000 new jobs have been created within the ecosystem, while government has earned 5.2 billion naira in compliance revenue from the sector. 

    He said the 2026 National Privacy Week with the theme “Privacy in the Age of Emerging Technologies: Trust, Ethics, and Innovation” which started on 28th January through to 4th February, ending with the summit would further enlighten Nigerians, the private and public sectors about the significance of data protection and privacy in the context of national security and economic development. 

    Listing the achievements of the NDPC, Dr Olatunji said, “The Commission initiated a multi-sector compliance drive, issuing compliance notices to 1,348 entities in August 2025 across the banking, insurance, pension, and gaming sectors, strengthening engagement and informing enforcement actions.

    “Since the signing of Act by Mr President over 23,000 new jobs have been created within the ecosystem while the value of the data protection ecosystem is now over N16.2b.”

    Read Also: French Embassy partners firm to boost Nigerian filmmakers

    The Permanent Secretary in the Ministry of Communications, Innovations and Digital Economy, Mr Nadungu Gagare said the choice of the theme of the summit could not have been more relevant given the challenges of digitalisation in contemporary global economy. 

    The Permanent Secretary who was represented by Adetunji Adeyemo, a Director in the Universal Service Provision Department in the Ministry, called for ethical guidance that respect human dignity in the management of personal information and citizens’ data 

    He said responsible data management would be a catalyst to the growth and development of Nigeria economy, stressing that protection and privacy of data by institutions would not constitute any obstacle to innovations in the digital space. 

    He emphasised trust, credibility and collaboration of stakeholders in data protection and privacy, assuring that the government would continue to strengthen regulatory frameworks and build capacity of its workforce to enable them carry out their duties efficiently and effectively. 

    The Permanent Secretary further said emerging technologies such Artificial Intelligence, Robotics and others should be leveraged and deployed ethically to improve Nigeria Gross Domestic Product (GDP), while the private and public sectors, academia and civil society groups should work together to protect the private rights of citizens. 

  • NDPC generates over N5.2billion revenue

    NDPC generates over N5.2billion revenue

    • Creates 23,000 jobs

    The Nigeria Data Protection Commission (NDPC) yesterday said despite its not being an exclusively revenue generating agency of the Federal Government, it has generated over N5.2billion into the coffers of the Federal Government while it has also created some 23,000 new jobs to ease the unemployment challenge in the country.

    Its National Commissioner/CEO, Dr Vincent Olatunji, who disclosed this at a media workshop organised by the NDPC, in Lagos, said the total value of the nation’s data protection ecosystem is over N16.2billion.

    He said the over N5.2 billion was generated by way of compliance revenue to the Federal Government.

    He said the Commission has concluded 246 investigations into data protection and privacy breaches across the country

    Dr Olatunji said the outcomes reflect a deliberate shift toward aggressive, enforcement-driven oversight under the Nigeria Data Protection Act, 2023. The 246 concluded probes have directly led to 11 enforcement actions, including significant fines and remediation directives, demonstrating that the NDPC is prepared to impose substantial penalties on violators, from major corporations to financial institutions.

    Some of the high-profile cases that underscored the Commission’s resolve include the July 2025, MultiChoice Nigeria which led to the imposition of a N766.2 million fine on the company for intrusive, unfair, and disproportionate data practices, including unlawful cross-border transfers of subscriber personal information without adequate safeguards or consent.

    Fidelity Bank also faced a N555.8 million penalty in 2024 (with ongoing implications noted in recent reviews) for processing personal data without informed consent, non-transparent use of cookies in banking apps, and engaging non-compliant third-party processors.

    Read Also: NDPC investigates data breach in JAMB

    These landmark sanctions, among others, have contributed to the N5.2 billion compliance revenue stream, bolstering government coffers while deterring widespread non-compliance.

    The broader data protection ecosystem now exceeds N16.2 billion in value and has created more than 23,000 jobs, signaling robust economic ripple effects from strong regulatory enforcement.

    Olatunji tied these achievements to national digital ambitions, stating that trust built through accountability is essential for Nigeria’s push toward a $1 trillion digital economy.

     “Enforcement is the backbone of privacy protection. By concluding 246 investigations and applying meaningful consequences, we are not only protecting citizens but also creating the secure environment needed for innovation, foreign investment, and sustainable growth,” he emphasized.

    Supporting this enforcement momentum are expanded compliance efforts: 38,677 Data Controllers and Processors of Major Importance registered, 307 licensed Data Protection Compliance Organisations, and over 8,155 Compliance Audit Returns filed.

    The Commission has also issued the General Application and Implementation Directive (effective September 2025), translated the Act into three major languages, and launched a multi-sector drive in August 2025, sending compliance notices to 1,348 entities in banking, insurance, pension, and gaming, with further actions promised for defaulters.

    This year, the Commission said plans to increase awareness on data protection and privacy; intensify the enforcement of the provisions of the Nigeria Data Protection Act and take appropriate actions against non-compliant organizations; and increase awareness creation to promote a deeper understanding of data protection and privacy across Nigeria.

    Others are in the area of provision of guidance and support to organizations on data protection best practices; and capacity building and certifying professionals through the National Data Protection Officer Certification to meet global standards in data protection practices.

    With international accolades such as the Picasso Award for Best DPA in Africa and active participation in global forums, Nigeria’s data regime is increasingly viewed as credible and robust.

    As emerging technologies accelerate data flows, the NDPC’s track record: 246 resolved cases, billions in revenue, and decisive fines, sends an unequivocal message. In digital Nigeria, privacy violations face ironclad consequences, and compliance is the only viable path forward.

    Activities during National Privacy Week (January 28–February 4) will build on this foundation through nationwide campaigns and stakeholder engagements to embed a culture of ethical data stewardship.

  • 58,820 youths register for data protection training

    58,820 youths register for data protection training

    About 58,820 young Nigerians have signed up for the Youth Data Protection Awareness and Training (YDPAT) Program at the close of registration. 

    The training will be conducted by the Federal Ministry of Youth Development, in partnership with the Nigeria Data Protection Commission (NDPC) and Globe Takers Foundation.

    A statement by Director, Information and Public Relations, Federal Ministry of Youth Development, Omolara Esan said that in 53 days, a total of 58,820 young Nigerians signed up from all six geopolitical zones, a strong signal of how eager Nigerian youth are to learn about data protection, digital awareness, and personal growth.

    Minister of Youth Development, Comrade Ayodele Olawande, applauded the overwhelming response, describing it as proof of the commitment of young people to nation-building. 

    He assured that every single registrant will benefit from the ministry’s broader youth development initiatives. 

    “While the training will begin with an initial cohort of 5,000 participants carefully selected to ensure fair representation across the country, the remaining registrants will still be engaged through other relevant programs of the Ministry so that no youth is left out.

    “The YDPAT training will run in a hybrid format that combines online and physical sessions, making it accessible to participants regardless of their location. Registration officially closed in the first week of September 2025, and the selection of participants is now underway. 

    “The process will continue throughout September, with the announcement and accreditation of selected individuals scheduled for October. Virtual training is set to begin in November, followed by physical sessions in December 2025.

    “As the program enters this critical phase, the Ministry is calling on development partners, private sector stakeholders, and state governments to support and collaborate on the YDPAT initiative. The Minister stressed that with collective effort, the reach and impact of this program can be significantly expanded, allowing even more young Nigerians to benefit from digital inclusion and data literacy.

    “The Federal Ministry of Youth Development remains committed to raising a digitally aware and empowered generation, one capable of protecting its rights in the digital age while contributing meaningfully to the growth and security of Nigeria’s data-driven economy,” the statement added. 

  • Data Commission begins sector by sector probes of companies over data breaches

    Data Commission begins sector by sector probes of companies over data breaches

    The Nigeria Data Protection Commission, NDPC, has concluded arrangements to begin a comprehensive investigation of companies in the various sectors of the economy in order to expose data breaches and mete out appropriate sanctions.

    The NDPC said companies in the insurance, banking, hospitality, pension, gaming and insurance brokers amongst others would be probed to determine their compliance with the NDP Act 2023.

    The Commission in a statement issued in Abuja and signed by its Head of Legal, Enforcement and Regulations, Barrister Babatunde Bamigboye, said its action was “in furtherance of its mandate under the Nigeria Data Protection Act (NDP Act), 2023.”

    Bamigboye said NDPC would commence a sector-by-sector investigation of organisations suspected of non-compliance with the provisions of the Act.

    He added that the list of affected organisations/companies in various sectors would be published in some major national dailies on Monday 25th of August.

    Bamigboye explained that the NDP Act, 2023 seeks to “safeguard the fundamental rights, freedoms, and interests of data subjects as guaranteed under the Constitution of the Federal Republic of Nigeria, 1999.

    “And strengthen the legal foundations of Nigeria’s digital economy while ensuring the nation’s trusted and beneficial participation in regional and global economies through responsible use of personal data.”

    Bamigboye said, “In line with Sections 5(i), 6(a), 6(c), 46(3), and 47(1)-(2) of the NDP Act, the Commission has issued Compliance Notices to certain organisations listed in the schedule of its notice.

    “The list of these organisations will be published on Monday, 25th August 2025, in some major newspapers across the country. The list of organisations were drawn from insurance companies, pension companies, gaming companies, banks, and insurance brokers.

    Read Also: First Lady empowers 500 ondo women, urges beneficiaries to focus on business growth

    “These organisations are required to, within twenty-one (21) days of issuance, provide the following: Evidence of filing NDP Act Compliance Audit Returns for 2024 (S.6(d) of the NDP Act),
    Evidence of designation or appointment of a Data Protection Officer, including name and contact details (S.32).

    Others are “Summary of technical and organisational measures for data protection within the organisation (S.39).

    “And Evidence of registration as a Data Controller or Processor of Major Importance (S.44).”

    “The Commission reiterates that failure to comply with this Compliance Notice may result in enforcement actions, including the issuance of an Enforcement Order, administrative fines, and/or criminal prosecution in accordance with the NDP Act, 2023.

    “The NDPC remains committed to ensuring a culture of accountability and trust in Nigeria’s data protection and privacy ecosystem, while safeguarding the rights of data subjects and strengthening the nation’s digital economy,” Bamigboye said.

  • Alleged users’ right breach: NDPC urges court to dismiss Meta’s suit against N32.8m fine 

    Alleged users’ right breach: NDPC urges court to dismiss Meta’s suit against N32.8m fine 

    The Nigeria Data Protection Commission (NDPC) has urged a Federal High Court (FHC) in Abuja to dismiss a suit filed by Meta Platforms Incorporated against the sanctions imposed on it.

    The NDPC had, on February 18, imposed both a remedial fee of $32,800,000million dollars and eight corrective orders against Meta Inc.

    The American multinational technology company was found to have violated the fundamental privacy rights of its Nigerian users with respect to behavioural advertisements on Facebook and Instagram.

    Dissatisfied with the penalties, , Meta filed the suit, marked: FHC/ABJ/CS/355/2025 for judicial-review and an order of certiorari quashing the compliance and enforcement orders and all other investigations, proceedings and actions taken by NDPC against the applicant leading to the ‘Final Orders issued against the company on February 18.

    The NDPC, in a preliminary argued that the suit is incompetent, queried court’s jurisdiction to hear it and urged the court to either dismiss or strike it out.

    In a supporting affidavit, NDPC noted that Meta filed its originating summons on 19th March 19, 15 days after it obtained the court’s permission to institute the suit for judicial review.

    NDPC argued that the reliefs contained in the originating summons are completely different from the reliefs contained in the statement filed to support the ex-parte application for judicial review. 

    It said it believes that this error on the part of Meta was fundamental and “the defendant/applicant (NDPC) does not intend to waive its right to object, in this regard.”

    READ ALSO; UPDATED: Why I resigned from PDP, by Atiku

    “The defendant/applicant does not intend to waive its rights in challenging these fundamental errors, which are fatal to this proceeding and jurisdiction of the court,” NDPC said.

    NDPC stated, in a supporting affidavit, that in its decision, Meta was sanctioned after a protracted and thorough process of investigation.

    It added that the investigative power of the commission was activated by a petition written by an organisation, the Personal Data Protection Awareness Initiative (PDPAI).

    According to the commission, the PDPAI alleged that the company breached the data protection rights of users of Facebook and Instagram. 

    It added that in the said petition, the plaintiff was alleged to be engaging in behavioural advertising without obtaining explicit consent of data subjects (users).

    The commission said compelling evidence were provided in support of the petition, revealing Meta’s private policy showing that it conducted behavioural advertising, without obtaining consent from the data subjects.

    NDPC described behavioural advertisement as “a special form of targeted advertising, where consumers are shown advertisements based on their behavioural data.” 

    It added said behavioural advertisement is a kind of advertising which collects and tracks individual sensitive information, without their knowledge or consent, to either share with third parties, or to decide specialised advertisements to be shown to the consumers.

    NDPC said during investigation, it drew the company’s attention to some very disturbing violations in this regard, especially as to non-consensual data processing activities.

    It said the alleged violations included the disclosure of sensitive personal data of minors relating to their sex lives; sensitive personal data of minors involving drug use; and sensitive personal data of minor pupils in school, involving erotic dancing.

    NDPC stated that Meta was found in breach of certain provisions of the Nigeria Data Protection (NDP) Act, and that its promotion of debasing images outside the expectation of concerned data subjects offended the principles of fairness, lawfulness, transparency, accountability and duty of care.

    It added that Meta’s alleged failure to file a compliance audit with the commission for the year 2022, was a breach of the NDP Act.

    The commission stated that cross border transfer of data by Meta, contravened the mandatory requirements under the NDP Act. 

    Meanwhile, Justice James Omotosho has adjourned till October 3 for ruling.

  • NDPC investigates data breach in JAMB

    NDPC investigates data breach in JAMB

    There are indications that the Nigeria Data Protection Commission (NDPC) has already initiated investigation into the alleged data breach at the Joint Admission Matriculation Board (JAMB).

    Sources familiar with the case disclosed that NDPC opened investigation into the allegations based on the concerns that confidentiality and integrity of personal data relating to candidates may have been compromised by hackers.

    A source within the NDPC, who spoke in confidence, said the Commission would leave no stone unturned to unravel the truth about the matter. 

    The source added that the investigation would cover systemic audit of data processing and third party activities within. 

    JAMB recently admitted that a technical error on its platform affected 379,997 candidates in 157 examination centres across Lagos and the South-East.

    Our correspondent gathered that further investigation led to the arrest of at least 20 suspects in the custody of the Department of State Services and the Nigerian Police Force. 

    Read Also: Stakeholders divided over JAMB registrar’s future

    This represents a fraction of over 100 notorious hackers who hacked into digital infrastructures of prominent examination bodies such as JAMB.  

    Another source confirmed that many of the examination centres may have failed to put in place appropriate technical and organisational measures in securing the personal data of candidates. 

    Although, the incident reportedly affected 379, 997 candidates, the NDPC’s investigation seemed to cover systemic audit of data processing and third-parties.

  • NDPC investigates Optasia over alleged data breaches

    NDPC investigates Optasia over alleged data breaches

    The National Commissioner/CEO of the Nigeria Data Protection Commission (NDPC) Dr. Vincent Olatunji has ordered investigation into the data processing activities of Optasia which operates in Nigeria as Nairtime Nigeria Ltd.

    According to the Head of Legal, Enforcement and Regulations of the NDPC, Barrister Babatunde Bamigboye, the probe was necessitated by suspected non compliance methods of data processing by the company.

    Bamigboye, in a statement in Abuja quoted the National Commissioner as expressing grave concerns over the development.

    He said:”This investigation was triggered by a pattern of suspected non-compliant data processing which was discovered during routine regulatory oversight of data controllers and data processors of major importance.

    Read Also: Edo victory: APC set to retain Ondo, unseat APGA in Anambra – Ganduje

    “The Commission notes with grave concern that Optasia deploys privacy invading technologies to process personal data for the purposes of marketing, credit scoring and other financial solutions.

    “The investigation of credit scoring activities covers the way financial institutions, telecommunication companies, insurance companies among others process personal data of citizens for various purposes.”

    He said the National Commissioner enjoined data controllers and data processors of major importance who rely on third parties as mediums through which the personal data of the Nigerian populace may be processed to ensure that such third parties are duly registered with the Commission.

    He insisted that the measure would ensure accountability, strengthen data security architecture and protect Nigeria’s data sovereignty.

  • Data commission reads riot act to compliance organisations

    Data commission reads riot act to compliance organisations

    Nigeria Data Protection Commission (NDPC) yesterday threatened to revoke the licences of non-performing Data Protection Compliance Organisations (DPCOs) in the country.

     Its National Commissioner, Dr Vincent Olatunji, gave the warning during a breakfast meeting with the DPCOs at The Providence, Ikeja, Lagos, adding that the Commission had revoked the licences of 19 DPCOs over failure to live up to expectation.

    Read Also: Moniepoint, Data Protection Commission seek data mgt

     Dr. Olatunji said a lot of the DPCOs were not doing what is right and urged them to embark on aggressive registration of their clients.

     He said the Nigerian data space was replete with opportunities in job creation, adding that the administration of data protection in the country has attracted global attention, an indication that the country was getting it right.

    .

  • NDPC signs MoU for training, certification of data processing professionals in Nigeria

    NDPC signs MoU for training, certification of data processing professionals in Nigeria

    The Nigeria Data Protection Commission (NDPC) on Monday, May 20, signed a Memorandum of Understanding (MoU) with the Institute of Information Management to certify over 10,000 data processing professionals in the country.

    The commission also presented a license certificate to the Institute authorising them to conduct examinations and certify data professionals.

      The national commissioner of the NDPC, Vincent Olatunji, said the license presentation marks the beginning of the journey to make the Institute a Pan-African hub for data protection professionals.

    He said already, some African countries have already started to approach Nigeria to learn from her experiences in data protection, licensing of data processors, and other stakeholders in the industry to tap from the vast opportunities in the sector.

    Read Also: NDPC to boost data protection reportage

    Olatunji said when the Commission was established, only about 2,000 Data Comptrollers were available, but as of today 10,000 Comptrollers have been engaged.

    He said the Commission engaged the institute to bridge the gap in the training of data Comptrollers, processors, and other professionals needed to accelerate the growth and development of the sector in line with President Bola Tinubu’s agenda to create 2 million jobs in the industry as quickly as possible.

    Details shortly…

  • NDPC to boost data protection reportage

    NDPC to boost data protection reportage

    The Nigeria Data Protection Commission (NDPC) has said that it will sustain the engagement of journalists for continuous propagation of data privacy and protection message.

    The National Commissioner of NDPC, Dr. Vincent Olatunji, disclosed this when he received officials of the Nigeria Information Technology Reporters Association (NITRA) on Monday in Abuja.

    Olatunji recognised that times were changing; hence journalists needed to be abreast with the dynamism in the data privacy and protection ecosystem.

    He said the media had remained a great asset towards nation building and continuous engagement would ensure that they played their role maximally.

    “We are aware of the freedom of expression granted to you the press by the constitution, but we felt that it is important to train you to understand that part.

    “I see this collaboration as a continuous thing, more importantly, now everything is changing, we need to deepen your knowledge on data privacy.

    “We cannot do awareness under this building; we need media to assist us to disseminate this information so that people can comply with the data protection policies.’’

    He said that the commission was collaborating with relevant institutions in ensuring that data privacy and protection policies were adhered to.

    Olatunji said that the commission was working with Committee of Vice Chancellors to further deepen knowledge about data protection.

    “We are also working with National Board for Technology Education for Polytechnics and others.

    “All these efforts are geared towards ensuring that the message of data protection is spread and there is virtually nothing we can do without you.’’

    The national commissioner encouraged NITRA members to pursue training as certified Data Protection Officers, adding that it was a lucrative area with readily available jobs.

    According to him, when the training is combined it with knowledge of journalism, there is more advantage more than other data processing officers.

    “It is a huge ecosystem that has something for everybody to benefit; so, we need to collaborate and ensure you catch up with the changes in data privacy ecosystem,’’ he said.

    Head, Legal, Enforcement and Regulations, NDPC Mr. Babatunde Bamigboye said many data controllers continuously breached data rights of citizens unknowingly.

    Read Also: We will ban issuance of mining licenses to investors without requisite plans – Alake

    Bamigboye, however, said in spite the need for freedom of speech, there was the place of privacy and rights of the people, which the commission was committed to.

    He told the journalists that it was important to learn some emerging ethics that would aid balancing the rights and privacy of individuals while reporting.

    President of NITRA, Mr. Blessing Olaifa, congratulated Olatunji on the adoption of Nigeria Data Protection Act 2023, adding that it had empowered the commission to enforce data protection in Nigeria.

    “We congratulate you on your appointment by President Bola Tinubu; it is a measure of your hard work and tenacity for the industry growth.

    “We also congratulate you on the passage of the Nigeria Data Protection Act 2023; that has given you the impetus to operate in a way that people are now aware of data.

    “Before now, people were not much familiar and interested in data, some thought it was only data in their phones, but they are aware about information they give about themselves to institutions,’’ she said.

    Olaifa, while commending the NDPC on its drive towards engaging the media in its activities, said it was necessary consolidating on the collaboration for more results.

    “This is in view of the fact that the sector is dynamic and we need more capacity building to fine-tune our knowledge and upscale our skills while reporting,’’ he said.