Nigeria’s data protection ecosystem has grown into a N16.2 billion industry within just two years of formal regulation, the Nigeria Data Protection Commission (NDPC) has disclosed.
The disclosure was made by the National Commissioner and Chief Executive Officer of the NDPC, Dr Vincent Olatunji, during a media workshop and capacity-building engagement held in Lagos.
The Commission says the growth reflects rising enforcement, compliance activity, and increasing confidence in Nigeria’s digital governance framework, even though the NDPC was not designed as a revenue-generating agency.
Dr Olatunji explained that regulatory compliance fees and enforcement actions under the Nigeria Data Protection Act (NDPA), 2023, have created significant economic value while also contributing to government revenue and job creation across the country.
What Olatunji is saying
The NDPC says the revenue recorded so far reflects a clear shift from advisory regulation to enforcement-driven compliance under the NDPA.
According to the Commission, regulatory fees and sanctions have contributed over N5.2 billion to federal revenue while supporting an estimated 23,000 jobs nationwide.
“These investigations have resulted in 11 major enforcement actions, including significant financial penalties and corrective directives.”
“The message is clear: violations of data privacy will attract serious consequences, regardless of the size or status of the organisation involved,” Olatunji stated.
Olatunji said the Commission has concluded 246 investigations into data protection and privacy breaches across multiple sectors, signalling that enforcement will remain central to Nigeria’s data governance strategy.
Flashback
Nigeria’s data protection enforcement drive gained national attention in July last year when the NDPC imposed a N766.2 million fine on MultiChoice Nigeria.
The penalty was linked to intrusive and disproportionate data practices, including the unlawful cross-border transfer of subscribers’ personal data without adequate safeguards.
- MultiChoice Nigeria was sanctioned for violating core provisions of the NDPA relating to consent and data minimisation.
- Fidelity Bank was fined N555.8 million in 2024 for processing personal data without informed consent.
- The bank was also penalised for deploying non-transparent cookies on its digital platforms and engaging non-compliant third-party data processors.
According to the NDPC, these landmark enforcement actions have strengthened regulatory credibility, deterred non-compliance, and reinforced trust in Nigeria’s fast-growing digital ecosystem.
More insights
The NDPC Commissioner linked the Commission’s enforcement milestones to Nigeria’s broader ambition of building a $1 trillion digital economy.
He stressed that accountability and trust are foundational to digital transformation and long-term investment.
“Privacy enforcement is the foundation of digital confidence. By holding violators accountable, we are safeguarding citizens while creating the secure environment required for innovation, investment and sustainable growth,” he said.
- Olatunji said the Commission has significantly expanded compliance structures across the economy to support this objective, moving beyond sanctions to system-wide institutional strengthening.
- The NDPC has registered 38,677 Data Controllers and Processors of Major Importance, licensed 307 Data Protection Compliance Organisations, and received more than 8,155 Compliance Audit Returns.
- In addition, the Commission has issued the General Application and Implementation Directive, which takes effect from September 2025, translated the NDPA into three major Nigerian languages, and launched a multi-sector compliance sweep covering banking, insurance, pensions, and gaming, with 1,348 entities already served with compliance notices.
What you should know
Nigeria’s data protection industry received a major policy boost in June 2023 following the signing of the Nigeria Data Protection Bill into law by President Bola Tinubu.
At the time, Dr Vincent Olatunji disclosed that the sector had contributed N5.5 billion to Nigeria’s Gross Domestic Product (GDP).
- The Nigeria Data Protection Act, 2023, formally established the NDPC as the country’s lead data protection authority.
- The law introduced stricter compliance requirements for organisations handling personal data.
- It also provided a legal foundation for sanctions, audits, and cross-border data transfer controls.
