Nigeria Data Protection Commission Probes Companies for Data Breaches

The Nigeria Data Protection Commission (NDPC) has disclosed that it is currently investigating nine organizations for data breaches. Dr. Vincent Olatunji, the National Commissioner of the commission, made this announcement during an interaction with journalists on Tuesday (July 18, 2023). While he did not reveal the names of the companies, he mentioned that they included an insurance firm, a school, and a consulting firm.

Speaking on the commission’s independence, Olatunji emphasized that the NDPC operates independently according to the provisions of its act. He stated, “Since we started, the commission has not had any cause to run to anyone. We have imposed fines on three major banks, and they will pay their fines. We are currently investigating approximately nine major organizations, including an insurance firm, a school, and a consulting firm. Our work is not influenced by political affiliations.”

Olatunji further mentioned that the NDPC is collaborating with the Central Bank of Nigeria (CBN) regarding the social media Know Your Customer (KYC) requirement. He explained that after the regulation was announced, the commission reached out to the apex bank, which also expressed interest in compliance.

While acknowledging the CBN’s intention to safeguard the financial system against data risks, Olatunji revealed that ongoing discussions are taking place between the NDPC and the CBN to address any challenges arising from the regulation. He added, “We are working together to tackle the issues related to this regulation, and we are making progress. The financial sector holds a vast amount of data.”

Securing the data of Nigerians is a significant task, but Olatunji expressed confidence that the new Nigeria Data Protection Act 2023 is well-equipped to handle this responsibility. In February, Olatunji had announced that the commission, which was a bureau at the time, was investigating over 110 companies in Nigeria for alleged data breaches. The companies under investigation at that time included banks, telecommunications firms, gaming companies, and online lending companies.