The Nigeria Data Protection Commission (NDPC) has issued a 21-day ultimatum to banks, insurance firms, pension operators, gaming companies, and brokers suspected of violating provisions of the Nigeria Data Protection Act (NDPA) 2023.

The directive, part of a sector-wide compliance review, is aimed at enforcing adherence to the landmark legislation, which was enacted last year to strengthen citizens’ data rights and enhance Nigeria’s role in the global digital economy.

According to a statement signed by Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at the NDPC, the affected organisations will be publicly named in national newspapers on Monday, August 25, 2025.

“These organisations are required, within 21 days of issuance, to provide evidence of compliance audit filings for 2024, designate or appoint a Data Protection Officer, outline technical and organisational measures for safeguarding data, and show proof of registration as a Data Controller or Processor of Major Importance,” the commission stated.

The NDPC cautioned that failure to comply would attract strict sanctions, including enforcement orders, administrative fines, and possible criminal prosecution, as provided under the NDPA.

The Act, the commission noted, was designed to “safeguard the fundamental rights, freedoms, and interests of data subjects as guaranteed by the 1999 Constitution,” while ensuring Nigeria’s active participation in the global economy through responsible data use.

Reaffirming its commitment, the commission said: “The NDPC remains resolute in entrenching accountability and trust in Nigeria’s data protection ecosystem, while safeguarding the rights of data subjects and strengthening the nation’s digital economy.”

The agency has recently demonstrated its enforcement stance with heavy sanctions. Multichoice Nigeria was fined ₦766.2 million for intrusive and unlawful data practices, including unauthorised cross-border transfers of subscriber information. Similarly, Fidelity Bank was penalised ₦555.8 million — representing 0.1% of its 2023 revenue — for processing personal data without informed consent.

Nigeria: NDPC Gives Banks, Insurers, and Gaming Firms 21 Days to Comply with Data Protection Law

Global: EU Considers Public Blockchain Integration for Digital Euro Rollout

Nigeria: OADC Launches Open Access Fabric to Transform Africa’s Internet Ecosystem

Comments

More in Nigeria

Nigeria: SEC Mandates Full Compliance by Capital Market Operators

Nigeria: Cardoso Confirms 16 Banks Have Met the New CBN Minimum Capital Requirement

Nigeria: MTN’s MoMo PSB seals deal with Thunes to expand cross-border payments for Nigerians

Sponsored

Company

Resource

Popular Posts

Global: Hong Kong Ranks 4th Globally for Ease of Business, While Indonesia and Mainland China Are the Most Complex in APAC

Global: New ISO Standard Supports Uniform Inclusion of ‘Official Organizational Roles’ in LEI-based Digital ID Tools

EGYPT: NASSER ALSHAALI APPOINTED AS CHAIRPERSON OF HSBC EGYPT

Nigeria: SEC Reports Unclaimed Dividends Surge to N190 Billion Amid Identity Challenges