The Federal Government has imposed a fine of N555.8 million on Fidelity Bank Plc for violating data protection regulations, according to the Nigeria Data Protection Commission (NDPC).
Dr. Vincent Olatunji, the National Commissioner of the NDPC, announced the penalty during the NDP Act General Application and Implementation Directive (GAID) validation workshop held in Abuja. He highlighted that the investigation into Fidelity Bank began in April 2023, revealing substantial non-compliance with data protection standards.
“We have been working with Fidelity Bank since April 2023, and after a thorough investigation, we decided to impose a fine of N555,800,000, which is approximately 0.1 per cent of their gross earnings for 2023,” Olatunji stated.
He emphasized that the severity of penalties under the NDP Act can range from N10 million to up to two per cent of an organization’s annual gross income, depending on the nature and impact of the breach.
The NDPC, empowered by the NDP Act signed into law by President Bola Tinubu on June 12, 2023, is responsible for enforcing data protection compliance across organizations in Nigeria.
The Commission’s recent actions underscore its commitment to safeguarding personal data and ensuring that businesses adhere to the highest standards of data privacy.
Olatunji also noted that the NDPC is actively engaging stakeholders to finalize a guide document that will provide a comprehensive framework for data protection in Nigeria. The Commission is working with both public and private sectors to develop a globally recognized standard for data privacy.
In addition, the NDPC has licensed 194 professionals in data protection to assist organizations in complying with the law.
These professionals are tasked with crafting privacy policies, conducting data protection impact assessments, and raising awareness about data protection obligations.
The successful implementation of the NDP Act GAID, Olatunji added, will require ongoing collaboration between all relevant stakeholders, including businesses, data protection professionals, and the Commission. This collective effort aims to create a data ecosystem that respects privacy and protects personal data.
