The Nation Newspaper

Tag: Nigeria Data Protection Commission

  • Data Commission begins sector by sector probes of companies over data breaches

    Data Commission begins sector by sector probes of companies over data breaches

    The Nigeria Data Protection Commission, NDPC, has concluded arrangements to begin a comprehensive investigation of companies in the various sectors of the economy in order to expose data breaches and mete out appropriate sanctions.

    The NDPC said companies in the insurance, banking, hospitality, pension, gaming and insurance brokers amongst others would be probed to determine their compliance with the NDP Act 2023.

    The Commission in a statement issued in Abuja and signed by its Head of Legal, Enforcement and Regulations, Barrister Babatunde Bamigboye, said its action was “in furtherance of its mandate under the Nigeria Data Protection Act (NDP Act), 2023.”

    Bamigboye said NDPC would commence a sector-by-sector investigation of organisations suspected of non-compliance with the provisions of the Act.

    He added that the list of affected organisations/companies in various sectors would be published in some major national dailies on Monday 25th of August.

    Bamigboye explained that the NDP Act, 2023 seeks to “safeguard the fundamental rights, freedoms, and interests of data subjects as guaranteed under the Constitution of the Federal Republic of Nigeria, 1999.

    “And strengthen the legal foundations of Nigeria’s digital economy while ensuring the nation’s trusted and beneficial participation in regional and global economies through responsible use of personal data.”

    Bamigboye said, “In line with Sections 5(i), 6(a), 6(c), 46(3), and 47(1)-(2) of the NDP Act, the Commission has issued Compliance Notices to certain organisations listed in the schedule of its notice.

    “The list of these organisations will be published on Monday, 25th August 2025, in some major newspapers across the country. The list of organisations were drawn from insurance companies, pension companies, gaming companies, banks, and insurance brokers.

    Read Also: First Lady empowers 500 ondo women, urges beneficiaries to focus on business growth

    “These organisations are required to, within twenty-one (21) days of issuance, provide the following: Evidence of filing NDP Act Compliance Audit Returns for 2024 (S.6(d) of the NDP Act),
    Evidence of designation or appointment of a Data Protection Officer, including name and contact details (S.32).

    Others are “Summary of technical and organisational measures for data protection within the organisation (S.39).

    “And Evidence of registration as a Data Controller or Processor of Major Importance (S.44).”

    “The Commission reiterates that failure to comply with this Compliance Notice may result in enforcement actions, including the issuance of an Enforcement Order, administrative fines, and/or criminal prosecution in accordance with the NDP Act, 2023.

    “The NDPC remains committed to ensuring a culture of accountability and trust in Nigeria’s data protection and privacy ecosystem, while safeguarding the rights of data subjects and strengthening the nation’s digital economy,” Bamigboye said.

  • Data breaches: Commission warns banks, hospitals, others against infractions

    Data breaches: Commission warns banks, hospitals, others against infractions

    • Threatens maximum penalty

    The Nigeria Data Protection Commission, NDPC, has warned of severe punishment against institutions and bodies that violate or mishandle citizen’s data, saying that it would not hesitate to impose maximum fines on them.

     Sounding the warning, the National Commissioner and Chief Executive Officer of the Commission, Dr Vincent Olatunji, said the warning became imperative as the Commission aims to ramp up its enforcement instruments in 2025.

     Our correspondent gathered that the NDPC is targeting banks, hospitals, educational institutions, insurance companies, telecom companies and government bodies saddled with the responsibilities of handling citizen’s data with outmost safety.

     Dr Olatunji in a statement from the Media Department of the Commission said data controllers and data processors should be up to their games and be vigilant on safety of citizen’s data under their control.

    Read Also: Stakeholders call for collaboration on agric data

     “For data controllers and processors, there is going to be massive enforcement. We have never really issued any fine, but going forward, you’ll hear us giving heavy penalties,” the NDPC boss said.

    He assured Nigerians that their data rights, as guaranteed by the NDPA Act, will be fully protected, and defaulting data controllers and processors will face strict consequences.

     The Commissioner highlighted the NDPC’s extensive engagements with stakeholders across public and private sectors to promote awareness and compliance with the Commission’s mandate.

     He said the efforts have resulted in the signing of Memorandums of Understanding (MOUs) with key organisations, including the National Insurance Commission (NAICOM), National Lottery Regulatory Commission (NLRC), the Data Privacy Office of Canada, and the Dubai International Financial Centre Authority (DIFC), among others.

  • Data commission slams N555m fine on bank

    Data commission slams N555m fine on bank

    The Federal Government has imposed a N555 million fine on Fidelity Bank plc for data breaches.

    The fine was imposed by the Nigeria Data Protection Commission (NDPC), supervised by the Federal Ministry of Communications, Innovations and Digital Economy.

    The National Commissioner of the NDPC, Dr Vincent Olatunji disclosed this in Abuja yesterday at a Stakeholders validation workshop on the Nigeria Data Protection Act General Application and Implementation Directive.

    Fidelity Bank Plc has 14 days to pay up the fine upon receipt of the letter from the NDPC.

    According to Dr Olatunji, the fine was imposed on Tuesday (yesterday) after series of efforts geared towards enforcement of NDPC Act 2023 and ensure industrial harmony, but with the bank’s authorities proven difficult during investigations.

    Olatunji explained that Fidelity bank not only violated NDPC Act, 2023,  but aggravated its matter by its arrogance towards constituted authority, and was fined 555 million naira representing 0.1 per cent of its annual gross revenue in 2023.

    He added that the fine was the highest fine to be issued by the commission, asserting that the bank showed poor cooperation during the NDPC’s investigation.

    Olatunji said: “Data protection compliance is important and we have stated that non-compliance will be punished. We have penalties that range from N10m or up to 2 per cent of gross earnings for the previous year.

    Read Also: Data commission earns N100m from non-compliant organisations

    “The whole thing is about awareness for people to be aware of what is in the law, and the data protection ecosystem in Nigeria is still evolving, which is why we need to create more awareness as much as we can to avoid ambiguity.

    “We have a PPP model to ensure compliance, we have licenced some professionals on data protection , that’s the Data Protection Compliance Organisations of Nigeria.

    “We have licensed about 194 of them, and they go round organisations, private sectors, to take them through compliance in terms of crafting their privacy policy, creating awareness within the organisations.

    “It is about letting them know their obligations under the law and carrying out Data Protection impact assessments, training their staff and register with us and summit their annual report to the commission, with this we will know the level of compliance.

    “The penalty for data breach is huge if you don’t comply. Penalties can range from N10 million even up to two per cent of their annual gross income for the previous year.

    “However, most of the breaches we have treated, we look at the level of the breach, the impact, and the number of data subjects affected and the level of cooperation that is involved.

    “Since we started the only time we issued a major penalty was yesterday on Fidelity Bank.

    “We issued a fine of about N555 million that they have to pay. We observed some breaches, we have been working with them since April 2023 on the investigation, and by the time we finalised, they became arrogant so we decided to issue a full penalty on them, which is about 0.1 per cent of the gross earnings for 2023.”