According to the Nigeria Data Protection Commission (NDPC), seven companies in Nigeria, including four banks and three other firms, have collectively paid ₦400 million for compromising Nigerians’ data. Vincent Olatunji, the commission’s National Commissioner and Chief Executive Officer (CEO), announced this during an interactive session with journalists in Abuja on June 11, 2024, commemorating the first anniversary of President Bola Tinubu signing the Nigeria Data Protection Commission Act into law.
Olatunji highlighted that the commission had completed over 1,000 investigations into data breaches across various sectors since the Act was enacted in 2023. These sectors include education, financial institutions, real estate, schools, insurance companies, and consulting firms. Of these cases, about 400 involve digital lending companies.
“In the law, we can fine companies depending on the nature of the breach, impact on the subject, and level of cooperation, and we got ₦400 million from remediation fees,” Olatunji stated. He emphasized that while the commission had received over 1,000 reports of data breaches, the actual figure could have been much higher if awareness levels among Nigerians were better.
The NDPC continues to work towards improving compliance with the Nigeria Data Protection Act 2023 across both private and public sectors. Olatunji urged all stakeholders to safeguard citizens’ data in line with global best practices. “When we started, the levels of compliance within the private sector was about 49% while the public sector was 4%. But today, private sector compliance is above 55%, while the public sector has reached 15%,” he added.
In an earlier report, the NDPC stated it would penalize chief executives of government Ministries, Departments, and Agencies (MDAs) for any data breach occurring under their watch. In June 2023, the NDPC revealed that several companies, including Zenith Bank, GTB, Fidelity Bank, Leadway Insurance, and Babcock University, were under investigation for alleged data breaches.
In January 2024, the Commission announced it was investigating 17 priority data breach cases across various sectors, from finance and technology to education, government, logistics, and gaming. This ongoing effort underscores the NDPC’s commitment to enforcing data protection regulations and ensuring compliance to protect Nigerians’ personal information.
As the NDPC continues to push for higher compliance and awareness, it is evident that data protection is becoming a critical issue in Nigeria. The penalties and investigations highlight the need for organizations to adopt robust data protection measures and align with the global standards to avoid significant financial and reputational damage.