By Chinenye Anuforo
The Nigeria Data Protection Commission (NDPC) has said it would ramp up enforcement actions and impose substantial fines on organizations that violate the 2023 Nigeria Data Protection Act (NDPA).
The National Commissioner/Chief Executive Officer of the NDPC, Vincent Olatunji, announced this in a recent video where he outlined the Commission’s 2025 agenda.
Olatunji stated, “For data controllers and processors, there is going to be massive enforcement. We have never really issued any fine, but going forward, you’ll hear us giving heavy penalties.”
This move aims to ensure that individuals’ data rights are fully protected as guaranteed by the NDPA.
In 2025, the NDPC will also advance to the second phase of its Strategic Roadmap and Action Plan (NDP-SRAP 2023-2027). This phase will focus on creating job opportunities within Nigeria’s data protection and privacy sector, particularly for young professionals.
“There are a lot of data controllers and processors that are looking for people to work with them. Now those that we have trained in 2024, those we have certified, we are going to do more this year to actually launch them to the job market,” Olatunji said.
The NDPC will also continue its nationwide efforts to raise awareness about data protection.
Ahead of this year’s enforcement plan, the NDPC Commissioner announced a deadline for the registration of all data controllers and processors – all organizations that handle personal data, including banks, telecom companies, insurance firms, and schools.
“The law states that all data controllers and processors, and there are over 500,000 in Nigeria, should register with the data protection authority,” the Commissioner explained. “They have six months to familiarize themselves with the provisions of the law.
“Data controllers need to register with us because you can’t count them if you don’t know them. So, we need to have a number, and then those that are captured will be monitored to see how they are managing the data in their care and we can regulate them appropriately.
“From January 1st to 31st of March 2024, they are to submit their annual audit report, detailing the measures they have implemented to safeguard the data entrusted to them.”