The Nigeria Data Protection Commission (NDPC) has imposed a fine of N555.8 million on Fidelity Bank Plc for violations of data protection regulations.
The National Commissioner of the NDPC, Dr. Vincent Olatunji, disclosed this during the validation workshop for the Nigeria Data Protection (NDP) Act General Application and Implementation Directive (GAID) in Abuja.
Dr. Olatunji explained that the enforcement of data protection laws became more robust after President Bola Tinubu signed the NDP Act into law on June 12, 2023.
This legislation empowers the NDPC to impose fines and other sanctions on organisations that fail to comply with data protection standards.
The commissioner revealed that an investigation into Fidelity Bank began in April 2023 and concluded with findings of non-compliance.
As a result, the NDPC imposed the substantial fine, which amounts to 0.1% of the bank’s gross earnings for 2023.
“The penalties for non-compliance are significant, ranging from N10 million to as much as two percent of an organisation’s annual gross income from the previous year,” Dr. Olatunji said.
He further noted that the NDPC considers the severity of the breach, its impact, the number of affected data subjects, and the level of cooperation from the organisation when determining penalties.
The commissioner stressed that this was the first major penalty issued by the NDPC since the NDP Act was enacted.
He also noted that the commission had previously held a similar workshop in Lagos to gather input from the private sector.
To ensure widespread compliance with data protection regulations, the NDPC is utilising a public-private partnership model.
Dr. Olatunji reported that the commission has licensed 194 data protection professionals who assist organisations in crafting privacy policies, conducting data protection impact assessments, and training staff on compliance.