Banks, Telcos, Others To Pay Huge Fines Over Breach Of Data Protection Law


Banks, Telecommunications companies, and other organisations may be fined up to two per cent of their annual revenue for data breaches following the implementation of the recently signed data law.

The National Commissioner/CEO, Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji stated this on Monday in Abuja, during a news conference on the implementation of the Nigeria Data Protection Act 2023.  

According to him, depending on the impact on the victim and other factors, the sanctions could be more or less severe. “Our goal is not to witch-hunt or fines anybody, but to inculcate in people, both by default and by design, the culture of data privacy compliance.”

The NDPC boss stated that the Act will ensure a sustainable digital economy and that the commission was putting plans in place to create 500 000 jobs in order to close the capacity gap in the subsector and help the President achieve his goal of creating one million jobs. 

He also disclosed that the Commission aims to increase public awareness campaigns, develop a standardised framework for implementation to ensure consistency and clarity across all sectors, and improve capacity-building for Data Protection Officers (DPOs) within the next two quarters of the year.

Olatunji also revealed plans to upscale the registration process for data controllers and data processors, introduce a definite calendar for filing annual Compliance Audit Returns and strengthen its regulatory frameworks for DPCOs as well as issue sector-specific guidelines, particularly for financial and telecom sectors. 

“At the core of the NDPR is the essence of respect – respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA.

“The change in legislation is not merely an addendum to the national law books but a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation. 

“The move to make data protection a statutory requirement means every organization, big or small, must cooperate with government and also ‘walk the talk’ in the interest of our dear nation. 

“This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape.” He added 

Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.