Tag: The Nigeria Data Protection Commission (NDPC)

The Nigeria Data Protection Commission (NDPC) has said it is set to investigate companies that have committed data breaches and apply appropriate sanctions against them.

The NDPC said the liable companies comprise insurance, banking, hospitality, pension, gaming, and insurance brokers, amongst others.

The commission said it is going to probe them to determine their compliance with the NDP Act 2023.

In a statement in Abuja by its Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, NDPC said its action was “in furtherance of its mandate under the Nigeria Data Protection Act (NDP Act), 2023”.

The statement said the commission would begin a sector-by-sector investigation of organisations that failed to comply with the provisions of the Act.

Read Also: Tinubu’s long week in the skies: sacrifices for Nigeria’s place in global space

It explained that the NDP Act, 2023, seeks to “safeguard the fundamental rights, freedoms, and interests of data subjects, as guaranteed under the Constitution of the Federal Republic of Nigeria, 1999.

“And strengthen the legal foundations of Nigeria’s digital economy while ensuring the nation’s trusted and beneficial participation in regional and global economies through responsible use of personal data”.

It added: “In line with sections 5(i), 6(a), 6(c), 46(3), and 47(1)-(2) of the NDP Act, the commission has issued Compliance Notices to certain organisations listed in the schedule of its notice.

“The list of these organisations will be published on Monday, August 25, 2025, in some major newspapers across the country. The list of organisations was drawn from insurance companies, pension companies, gaming companies, banks, and insurance brokers.

“These organisations are required to, within twenty-one (21) days of issuance, provide the following: Evidence of filing NDP Act Compliance Audit Returns for 2024 (S.6(d) of the NDP Act), Evidence of designation or appointment of a Data Protection Officer, including name and contact details (S.32).”

Others, the commission said, are: “Summary of technical and organisational measures for data protection within the organisation (S.39).

“And Evidence of registration as a Data Controller or Processor of Major Importance (S.44).”

The Nigeria Data Protection Commission (NDPC) has signed a Memorandum of Understanding (MoU) with the National Insurance Commission (NAICOM) to deepen data privacy and safety in the country. 

Our correspondent gathered that before now, the Data Protection Commission has trained selected officials and personnel of the NAICOM on data safety and privacy within the insurance industry ecosystem. 

The National Commissioner and CEO of NDPC, Dr Vincent Olatunji signed the MoU on behalf of NDPC while Mr Olusegun Omosehin, the Commissioner for Insurance and Chief Executive Officer of NAICOM signed on behalf of NAICOM. 

According to Mr Itunu Dosekun, NDPC Head of Media, the documents formalised the working relationship between NDPC and NAICOM.

Providing details of the MoU, Dr Olatunji said, “On the 7th of August, we were here to pay a courtesy visit to NAICOM, and introduce what the ecosystem (data protection and privacy) is all about. 

“A lot of the things we agreed to work on have been implemented already, including the training of NAICOM staff. The MoU we are signing today is just a formality as we have already started its implementation.

“Immediately after this signing, we will have an Implementation Committee to make it work as projected.”

 He noted that the MoU was a “milestone in the NDPC’s mandate to deepen data privacy in Nigeria across all sectors”.

Read Also: NADAL: I want my son do other sport than tennis

In his remarks, Mr Omosehin said signing the MoU was, “the outcome of elaborate engagements between the two agencies of Government,” and believes that, “it would signal the enthronement, outright application and total acceptance of data protection and privacy principles, not just at NAICOM, but in the insurance sector”.

According to the MoU, “the parties hereto may actively engage in assessments and initiatives related to Data compliance and Privacy for the Insurance sector. The collaboration aims to thoroughly examine and implement measures that ensure compliance with relevant regulatory instruments governing data protection as applicable to the insurance sector. By working together, NDPC and NAICOM seek to strengthen Data compliance practices and uphold Privacy standards within the Insurance sector, fostering a secure and legally compliant environment for handling Personally Identifiable Information.”