Nigeria Probes 1,369 Organizations in Major Data Privacy Crackdown

The Nigeria Data Protection Commission (NDPC)  has initiated its most extensive enforcement action to date, launching a sector-wide investigation into 1,369 organizations for suspected violations of the Nigeria Data Protection Act (NDPA), 2023. The targeted companies are in some of the country’s most sensitive sectors, including 795 financial institutions, 392 insurance brokers, 35 insurance companies, 10 pension firms, and 136 gaming operators.

In a statement by Mr. Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, the commission has issued a 21-day compliance notice to the implicated organizations. The notice mandates them to provide key evidence of their adherence to the NDPA, including proof of filing their 2024 compliance audit returns, the appointment of a Data Protection Officer (DPO), a summary of their data protection measures, and evidence of their registration as a Data Controller or Processor of Major Importance.

The NDPC has warned that failure to comply within the given timeframe could lead to severe consequences. The commission’s official statement indicates that non-compliant organizations may face administrative fines, enforcement orders, and even criminal prosecution. This action follows the NDPC’s recent imposition of a N766.2 million fine on Multichoice Nigeria for data privacy breaches, which stands as the largest single penalty issued by the commission so far.

This widespread investigation highlights the NDPC’s strengthened commitment to safeguarding the data privacy rights of Nigerians. While the commission adopts a “remediation-first” approach to encourage compliance, it has demonstrated its resolve to impose sanctions when organizations are unwilling to correct their violations. The NDPC’s assertiveness is seen by experts as a significant turning point, moving from mere awareness campaigns to rigorous enforcement to build trust in Nigeria’s digital economy.