Fidelity Bank Fined ₦555.8 Million for Data Protection Violations by NDPC

The Nigeria Data Protection Commission (NDPC) has fined Fidelity Bank ₦555.8 million for violations of the Nigeria Data Protection Act, 2023, and the Nigeria Data Protection Regulation, 2019. The investigation, initiated in response to a complaint filed in April 2023, revealed that Fidelity Bank collected personal data without proper legal basis when opening an account for a customer.

The NDPC’s investigation uncovered that Fidelity Bank processed personal data without obtaining informed consent, including the use of cookies and banking apps, which, at the time, had been downloaded over one million times. Additionally, the bank was found to rely on non-compliant third-party data processors, further breaching data protection laws.

Despite numerous warnings and over ten correspondences exchanged between the NDPC and Fidelity Bank, no satisfactory remedial plan was provided by the bank. The Commission’s directive to pay the fine—equivalent to 0.1% of the bank’s annual gross revenue in 2023—was first issued in July 2023, and a remedial fee was requested in December 2023. However, the bank’s failure to comply led to the imposition of the hefty fine in August 2024, which must be paid within 14 days.

Dr. Vincent Olatunji, National Commissioner and CEO of the NDPC, emphasized the importance of trust and accountability in data processing. He warned that non-compliance undermines confidence in Nigeria’s ability to safeguard data-driven transactions, which are critical for economic growth.

In response, Fidelity Bank maintained that it had not violated any laws and stated that discussions with the NDPC are ongoing. The bank emphasized its commitment to data protection and ethical governance, citing its recognition with the prestigious CG+ award from the Nigerian Exchange Group for corporate governance excellence. Fidelity Bank expressed its dedication to resolving the matter amicably and assured its customers of continued protection of their data.