The Nigeria Data Protection Commission has initiated a sector-by-sector review of organisations suspected of breaching the Nigeria Data Protection Act 2023.
Head of Legal, Enforcement, and Regulations at the commission, Mr. Babatunde Bamigboye, made this known in a statement on Monday in Abuja.
Bamigboye stated that the investigation aligns with the NDPC’s mandate to “safeguard the rights, freedoms and interests of data subjects as guaranteed under the 1999 Constitution.”
He further explained that the act aims “to strengthen the legal foundations of Nigeria’s digital economy while ensuring the nation’s trusted and beneficial participation in regional and global economies through responsible use of personal data.”
Bamigboye revealed that the organisations under scrutiny include insurance companies, pension firms, gaming companies, banks, and insurance brokers.
He added that, in accordance with certain sections of the NDPA, “the commission has issued compliance notices to certain organisations listed in the schedule of its notice.”
“The list of these organisations will be published today in some major newspapers across the country,” he said.
“These organisations are required to within 21 days of issuance provide evidence of filing NDP Act Compliance Audit Returns for 2024, evidence of designation or appointment of a Data Protection Officer, including name and contact details. They are also to provide summary of technical and organisational measures for data protection within the organisation and evidence of registration as a data controller or processor of major importance.”
Bamigboye warned that failure to comply could lead to “enforcement orders, administrative fines or criminal prosecution in line with the NDPA.”
He concluded, “The NDPC remains committed to ensuring a culture of accountability and trust in Nigeria’s data protection and privacy ecosystem while safeguarding the rights of data subjects and strengthening the nation’s digital economy.”