NDPC Issues 21-Day Ultimatum To Banks And Insurance Firms For Data Protection Compliance.
The Nigeria Data Protection Commission (NDPC) has issued a stern directive to banks, insurance companies, pension funds, gaming operators, and insurance brokers, granting them 21 days to demonstrate compliance with the Nigeria Data Protection Act (NDPA) 2023 or face severe sanctions. The announcement, made on 25 August 2025 in Abuja, marks the start of a sector-by-sector investigation aimed at enforcing adherence to the nation’s data protection laws, as confirmed by Babatunde Bamigboye, NDPC’s Head of Legal, Enforcement, and Regulations.
Under the NDPA, organisations handling significant volumes of personal data must file 2024 Compliance Audit Returns, appoint a Data Protection Officer, outline technical and organisational data protection measures, and register as a Data Controller or Processor of Major Importance. Bamigboye stated that the commission has sent compliance notices to targeted firms, with a list of those under scrutiny published in national newspapers on 25 August 2025. Failure to meet the 21-day deadline could result in enforcement orders, administrative fines, or criminal prosecution, as stipulated in Sections 5, 6, 46, and 47 of the Act.
The NDPC’s crackdown follows its commitment to safeguarding Nigerians’ data rights and strengthening the country’s digital economy. The 2023 Act, designed to align Nigeria with global data governance standards, seeks to protect citizens’ fundamental rights and freedoms as guaranteed under the 1999 Constitution. The commission has already demonstrated its resolve, previously fining Multichoice Nigeria N766.2 million for intrusive data practices and Fidelity Bank N555.8 million for processing personal data without consent.
Bamigboye emphasised that the initiative is not merely punitive but aims to foster a culture of accountability and trust in Nigeria’s data protection ecosystem. The NDPC urged affected organisations to review their compliance status and submit the required evidence promptly. The move has been welcomed by consumer rights advocates, who see it as a vital step toward ensuring responsible data handling and enhancing Nigeria’s participation in the global digital economy.
This investigation underscores the NDPC’s proactive stance in addressing data breaches, with the commission vowing to continue its efforts to protect citizens and bolster digital trust across key sectors.
