The Nigeria Data Protection Commission (NDPC) has announced that it has collected $266,000 (₦400 million) in fines from seven companies for data protection violations.
The fines were levied against four banks and three other firms for compromising the personal data of Nigerian citizens.
This information was disclosed by Vincent Olatunji, the National Commissioner and CEO of the NDPC, during a media briefing in Abuja on June 11, 2024.
The event marked the first anniversary of President Bola Tinubu signing the Nigeria Data Protection Commission Act into law.
Olatunji revealed that since the Act’s enactment in 2023, the commission has conducted over 1,000 investigations across various sectors, including education, finance, real estate, insurance, and consulting.
Notably, about 400 of these cases involve digital lending companies.
“The fines imposed depend on factors such as the nature of the breach, its impact on the affected individuals, and the level of cooperation from the companies involved,” Olatunji explained.
While the NDPC has received more than 1,000 reports of data breaches since the Act’s implementation, Olatunji suggested that this number could be significantly higher if public awareness were greater.
The commission reports progress in compliance rates, with the private sector improving from 49% to over 55%, and the public sector rising from 4% to 15%.
However, Olatunji emphasised the need for continued vigilance, urging all stakeholders to protect citizens’ data in line with global best practices.
This development follows earlier announcements by the NDPC, including plans to penalise chief executives of government bodies for data breaches and investigations into alleged violations by prominent banks, insurance companies, and educational institutions.
