Nigeria: NDPC Reviews Data Protection Compliance Across Ecosystem

Nigeria is strengthening its approach to data protection and cybersecurity, as the Nigeria Data Protection Commission(NDPC) intensifies compliance reviews across the digital ecosystem.

The development comes as the Minister of Communications, Innovation and Digital Economy, Bosun Tijani, announced plans for the establishment of a Cybersecurity Coordination Council. The proposed council is expected to enhance collaboration between government, private sector players, and other stakeholders in responding to emerging cyber threats.

According to the Minister, cybersecurity requires a collective approach, with stronger partnerships needed to safeguard Nigeria’s growing digital economy. He emphasised that coordinated action across sectors will improve threat detection, response capabilities, and overall system resilience.

Tijani also called for broader stakeholder engagement in shaping a sustainable cybersecurity framework capable of protecting national infrastructure, businesses, and citizens from evolving risks.

NDPC expands oversight and investigations

In parallel, the NDPC has launched an investigation into an alleged data breach involving Remita Payment Services Limited, Sterling Bank, and other entities.

According to a statement signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the Commission, notices of investigation were issued on April 1, 2026, with affected parties already providing relevant information.

The probe is focused on assessing the scope and nature of the incident, including the categories of personal data involved, potential risks to data subjects, and the adequacy of mitigation measures implemented.

The exercise is being conducted under the provisions of the Nigeria Data Protection Act 2023, which mandates organisations to implement robust technical and organisational safeguards when handling personal data.

Broader compliance enforcement

The National Commissioner/CEO of the NDPC, Vincent Olatunji, has also directed a wider review of organisations operating digital payment systems to ensure compliance with data protection requirements.

The Commission warned that entities failing to implement adequate safeguards will face regulatory scrutiny as part of efforts to maintain trust and integrity within Nigeria’s digital ecosystem.

The combined push for stronger cybersecurity coordination and stricter data protection enforcement signals a more proactive regulatory stance, as Nigeria works to build a secure, resilient, and globally competitive digital economy.