Nigeria’s financial and technology sectors are bracing for a regulatory shake-up as the Nigeria Data Protection Commission (NDPC) intensifies its enforcement of the Nigeria Data Protection Act, 2023, signaling stricter oversight for industries handling sensitive personal data.
The commission has issued a 21-day compliance notice to banks, insurance firms, pension companies, gaming operators, and insurance brokers suspected of violating the law, marking a significant step toward bolstering Nigeria’s digital economy and protecting citizens’ data rights.
The NDPC’s move, announced over the weekend, is part of a sector-by-sector investigation to ensure compliance with the 2023 Act, which aims to safeguard personal data and position Nigeria as a trusted player in the global digital economy.
The commission, led by Babatunde Bamigboye, head of Legal, Enforcement and Regulations, cited sections of the Act that mandate organizations to implement robust data protection measures.
Affected companies, to be publicly listed in national newspapers on August 25, 2025, must submit evidence of compliance, including 2024 audit returns, proof of a designated Data Protection Officer, and details of technical and organizational safeguards.
Read also: Educating Nigerians on Data Privacy: The Nigeria Data Protection Commission’s Awareness Drive
Failure to meet the 21-day deadline risks severe penalties, including fines, enforcement orders, or criminal prosecution, the NDPC warned.
Recent examples underscore this resolve: Multichoice Nigeria was fined N766.2 million for intrusive data practices, including unauthorized cross-border data transfers, while Fidelity Bank faced a N555.8 million penalty, representing 0.1 percent of its 2023 revenue, for processing data without consent.
The crackdown reflects Nigeria’s broader ambition to strengthen its digital economy while ensuring accountability.
“The NDPC is committed to fostering trust and protecting the fundamental rights of data subjects as guaranteed by the Constitution,” the commission stated, emphasizing that the Act supports Nigeria’s integration into regional and global markets through responsible data use.
For financial institutions and tech-driven gaming operators, the compliance notice raises the stakes. Banks, handling vast troves of customer data, and gaming platforms, which collect sensitive user information, must now prioritize robust data governance or face significant financial and reputational risks.
“This is about building a culture of accountability. Nigeria’s digital future depends on it,” Bamigboye said.
