-
NDPC Issues Banks, Insurers, Pension Firms 21-Day Ultimatum.
-
Non-compliance may attract fines, enforcement orders or prosecution.
-
Previous fines on Multichoice and Fidelity Bank show commission’s resolve.
The Nigeria Data Protection Commission (NDPC) has issued a 21-day compliance ultimatum to banks, insurance companies, pension fund administrators, gaming operators and insurance brokers suspected of violating the Nigeria Data Protection Act, 2023.
EDITOR’S PICKS
- 10 Killed as Rival Bandit Groups Clash at Naming Ceremony in Katsina
- ‘Unacceptable, Dehumanising’ – NYSC Condemns Assault On Corps Member
- 48-Hour Ultimatum: Gani Adams Intervenes in Alaafin–Ooni Feud
EKO HOT BLOG reports that the directive, according to the Commission, forms part of a sector-by-sector investigation aimed at ensuring strict adherence to the law, which was enacted last year to safeguard citizens’ rights and strengthen Nigeria’s participation in the global digital economy.
In a statement on Sunday, the NDPC explained that the notice was issued under sections 5(i), 6(a), 6(c), 46(3) and 47(1)-(2) of the Act. The statement was signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye.
The list of affected organisations is expected to be published in national newspapers on Monday, August 25, 2025.
NDPC Demands Evidence of Compliance
The Commission directed the firms to provide within 21 days:
-
Evidence of filing compliance audit returns for 2024 under the Act
-
Evidence of appointment of a Data Protection Officer
-
A summary of technical and organisational measures adopted for data protection
-
Proof of registration as a Data Controller or Processor of Major Importance
The NDPC warned that failure to comply could attract severe regulatory sanctions, including enforcement orders, administrative fines and possible criminal prosecution.
“Failure to comply with this compliance notice may result in enforcement actions, including the issuance of an Enforcement Order, administrative fines, and/or criminal prosecution in accordance with the NDP Act, 2023,” the Commission stated.
The NDPC emphasised that its actions were aimed not only at ensuring compliance but also at protecting Nigerians’ data rights. It stressed that the Data Protection Act was designed to safeguard the fundamental rights and freedoms of citizens as guaranteed by the 1999 Constitution, while also positioning Nigeria as a trusted player in regional and global digital economies.
“The NDPC remains committed to ensuring a culture of accountability and trust in Nigeria’s data protection and privacy ecosystem, while safeguarding the rights of data subjects and strengthening the nation’s digital economy,” Bamigboye added.
The Commission highlighted its resolve to enforce compliance, citing previous fines against erring organisations.
Multichoice Nigeria was fined N766.2m for intrusive and unlawful data practices, including illegal cross-border transfer of subscriber data. Fidelity Bank was also fined N555.8m — representing 0.1 per cent of its 2023 revenue — for processing personal data without informed consent.
The NDPC reaffirmed that similar sanctions would await any organisation found guilty of breaching the Act.
