In a major move to bolster data protection across the country, the Nigeria Data Protection Commission (NDPC) has issued a stern warning to organizations and institutions mishandling citizens’ data. According to the Commission, violators will face hefty fines and penalties as the NDPC ramps up enforcement efforts throughout 2025....CLICK HERE TO READ THE FULL ARTICLE➤
This warning comes amid growing concerns about the protection of personal data in Nigeria, especially with the rising tide of digital transactions, e-governance, and online activities. Experts have long cautioned that the country’s data security infrastructure has been lagging, with many organizations showing laxity in safeguarding sensitive information.
NDPC Signals Tougher Enforcement: A New Era for Data Protection
In a statement released to the public, Dr. Vincent Olatunji, National Commissioner and Chief Executive Officer of the NDPC, highlighted the Commission’s renewed focus on enforcing the provisions of the Nigeria Data Protection Act (NDPA). Dr. Olatunji, speaking directly to the media, emphasized that the NDPC’s tolerance for data breaches would be zero moving forward.
“2025 is going to be a turning point in data protection in Nigeria,” Dr. Olatunji said. “We have witnessed several incidents where personal information has been compromised due to negligence or outright violations of the NDPA. The time has come for organizations to take the protection of data seriously or face severe consequences.”
He added that the NDPC would be holding various sectors accountable, including banking, healthcare, education, telecommunications, and government agencies. These sectors have been notorious for data lapses, sometimes exposing citizens’ personal and financial information to unauthorized access or cybercriminals.
From Warnings to Penalties: The Cost of Ignorance
Previously, the NDPC had largely focused on creating awareness and encouraging voluntary compliance with the NDPA. However, according to Olatunji, this approach will no longer be sufficient, as the country moves into a new era of data protection. In the past, the NDPC had refrained from issuing fines, but Olatunji confirmed that penalties would now be a primary tool in the Commission’s enforcement strategy.
“In the coming year, our approach will shift from just educating the public to implementing stringent sanctions for non-compliance,” he explained. “Fines will be applied where necessary, and those found guilty of breaching data protection laws will face the full weight of the law. This will serve as a deterrent to others who might still think they can flout the rules.”
Under the Nigeria Data Protection Act, the NDPC has the authority to fine organizations up to N10 million or 2% of their annual turnover for serious breaches. However, these fines can go higher in the case of repeated violations or gross negligence, according to the Commission’s guidelines.
Public and Private Sector Engagements: A Collaborative Approach
In his statement, Dr. Olatunji emphasized that the NDPC was not working in isolation. The Commission has already initiated partnerships with key public and private stakeholders to strengthen the country’s data protection regime. For example, the NDPC has signed Memorandums of Understanding (MOUs) with regulatory bodies such as the National Insurance Commission (NAICOM) and the National Lottery Regulatory Commission (NLRC), as well as international organizations like the Data Privacy Office of Canada and the Dubai International Financial Centre Authority (DIFC).
These collaborations aim to foster cross-border cooperation in tackling data protection issues. “The threat to data security is not limited to Nigeria; it’s a global issue,” Olatunji noted. “By aligning ourselves with international bodies, we ensure that we are keeping pace with global standards and best practices in data privacy.”
The NDPC has also been hosting workshops, seminars, and awareness campaigns to help organizations better understand their responsibilities under the NDPA. These efforts are designed to provide clearer guidance on how to handle, store, and secure personal data while minimizing the risk of data breaches.
Challenges in the Nigerian Data Protection Landscape
Despite the growing efforts to address data breaches, there are several challenges that remain. One of the primary obstacles is the lack of a robust infrastructure to monitor and enforce data protection laws. Cybersecurity experts argue that many Nigerian institutions, particularly in the public sector, still lack the technical capacity to safeguard sensitive data effectively. This leaves critical information vulnerable to theft, fraud, and misuse.
Dr. Olatunji acknowledged these challenges but reassured the public that the NDPC was working on improving the enforcement machinery. “We understand the difficulties that come with protecting data in a fast-changing digital landscape, but we are committed to strengthening our capacity to monitor and enforce compliance. Our goal is to create a secure environment where Nigerians’ personal data is treated with the utmost respect.”
Moreover, while Nigeria’s data protection laws are becoming more stringent, there is concern that many small and medium enterprises (SMEs) may struggle to comply with the new regulations. These businesses often lack the financial resources and technical expertise to implement effective data protection measures, leaving them vulnerable to penalties.
To address this, the NDPC has been in discussions with industry bodies to provide support for SMEs in the form of training, resources, and guidance. The Commission has also expressed willingness to consider a more graduated approach to enforcement for smaller companies, especially in the initial stages.
Protecting Citizens’ Rights in the Digital Age
At the heart of the NDPC’s push for stronger enforcement is the protection of citizens’ fundamental rights. With the digital age comes an unprecedented flow of personal data, and Nigerians have every right to expect that their data will be handled with care and respect. According to experts, data privacy is increasingly viewed as a fundamental human right, and nations across the world are tightening their laws to ensure that citizens’ information is not exploited or mishandled.
“Data is the new oil, and it is valuable,” Dr. Olatunji concluded. “We must protect it as we would any other critical national asset. The NDPC is committed to ensuring that Nigerians’ data rights are respected, and those who violate these rights will be held accountable.”
Be the first to comment