The Nigeria Data Protection Commission (NDPC) has said that it has earned N400 million from sanctions imposed on seven firms for breaches of citizens’ data.
The National Commissioner, Vincent Olatunji, disclosed this during an interactive session with journalists in Abuja on Tuesday, marking the first anniversary of President Bola Tinubu’s signing of the Nigeria Data Protection Commission Act into law.
Over 1000 investigations in one year
The NDPC boss said the Commission has done over 1000 investigations, which cover financial institutions, schools, insurance companies, and consultancy firms for various degrees of data breaches.
Olatunji highlighted that out of these cases, about 400 involve digital lending companies, commonly referred to as loan sharks.
He said: “Cumulatively, we have had over 1,000 reports of data breaches between when we started and now. The figure is low because of the low level of awareness among Nigerians.
“Out of the 1,000 cases, about 400 of them are digital lending companies that we call loan sharks, but the main ones we have conducted investigations in the education sector, financial institutions, real estate, insurance, consulting, and schools, and as of today, we have finalised four major investigations, and some have paid their remediation fees.
“In the law, we can fine companies depending on the nature of the breach, impact on the subject, and level of cooperation, and we got N400 million from remediation fees.”
Rising compliance rates
During the session, Olatunji emphasized the importance of safeguarding citizens’ data according to global best practices.
He noted that the NDPC’s efforts have significantly improved compliance with the Nigeria Data Protection Act 2023 across both private and public sectors.
The NDPC boss noted: “When we started, the levels of compliance within the private sector was about 49% while the public sector was 4%. But today, private sector compliance is above 55%, while the public sector has reached 15%.”
Olatunji concluded by reiterating the NDPC’s commitment to protecting citizens’ data and fostering a secure data ecosystem, now valued at over 10 billion naira.
More Insights
- The NDPC earlier told Nairametrics that it would hold chief executives of government Ministries, Agencies, and Departments (MDAs) responsible for any data breach that occurs under their watch.
- In June 2023, NDPC disclosed that Zenith, GTB, Fidelity, Leadway Insurance, Babcock University, and some companies were under investigation for alleged data breaches.
- By October 2023, the Commission said it was investigating Opay, Meta, and DHL for alleged data breaches. These investigations reflect Nigeria’s commitment to data protection and privacy, bolstered by a robust legislative framework and strategic initiatives.
- When asked about the status of all the investigations, the NDPC boss told Nairametrics that only seven cases have been resolved so far, with the rest still pending.
