The Nigeria Data Protection Commission (NDPC) has launched a sector-wide investigation into 1,369 organisations suspected of flouting provisions of the Nigeria Data Protection Act (NDPA) 2023.

According to a statement issued on Monday by Mr. Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, the probe targets companies in sensitive industries such as banking, insurance, pensions, gaming, and insurance brokerage.

The Commission has also given the companies, which include 795 financial institutions, 21 days to submit evidence of compliance with the NDPA or face sanctions.

The list of the companies published by the Commission also include 392 insurance broker firms, 35 insurance companies, 10 pension companies, and 136 gaming companies.

Compliance checks underway

Bamigboye explained that the move aligns with the NDPC’s mandate to protect the rights and freedoms of data subjects under the 1999 Constitution while strengthening Nigeria’s digital economy.

He stressed that responsible use of personal data is crucial to the country’s trusted participation in both regional and global markets.

According to him, the Commission has already issued compliance notices to the organisations, demanding they show proof of adherence to key provisions of the NDPA.

These include filing their 2024 compliance audit returns, appointing a Data Protection Officer with full contact details, outlining technical and organisational data protection measures, and confirming registration as a data controller or processor of major importance.

” These organisations are required to within 21 days of issuance provide evidence of filing NDP Act Compliance Audit Returns for 2024, evidence of designation or appointment of a Data Protection Officer, including name and contact details.

“They are also to provide summary of technical and organisational measures for data protection within the organisation and evidence of registration as a data controller or processor of major importance,” the Commission stated.

What you should know

The NDPC recently slammed a fine of N766.2 million against Multichoice Nigeria for violating the NDPA, in what came as the largest single fine coming from the Commission since the Act came into force in 2023.

This is because the NDPC has adopted a remediation approach, which ensures that companies found to have violated the Act do the right thing to escape being fined.

The NDPC’s National Commissioner, Dr. Vincent Olatunji recently told Nairametrics that the remediation approach is being adopted to ensure business sustainability but noted that any organization that fails to comply with its remediation recommendations will be fined.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise?

“It’s only when an organization is unwilling to comply with the law that we are forced to impose sanctions,” he said.

He added that the Commission is also taking the nation’s economy into consideration by not making pronouncements that could discourage investments.