The Nigeria Data Protection Commission (NDPC) has launched a sweeping probe into 1,369 organizations suspected of flouting the country’s Data Protection Act (NDPA) of 2023. The investigation cuts across some of the economy’s most sensitive sectors—banking, insurance, pensions, gaming, and brokerage—highlighting how the regulator is stepping up enforcement in the digital economy.
According to Babatunde Bamigboye, head of Legal, Enforcement and Regulations at the NDPC, the companies under scrutiny have been issued compliance notices demanding proof that they are playing by the rules. Each must show evidence of 2024 compliance audit returns, the appointment of a Data Protection Officer, and details of the technical and organizational safeguards protecting customer data.
“The Commission’s actions are consistent with its constitutional duty to safeguard the rights and freedoms of Nigerian citizens, while strengthening trust in the digital economy,” Bamigboye explained.
A Wide Net Across Industries
The investigation is broad in scope. Targets include 795 financial institutions, 392 insurance brokers, 35 insurance companies, 10 pension fund managers, and 136 gaming operators. Collectively, these sectors handle massive volumes of sensitive personal and financial data—making them critical test cases for how Nigeria enforces its year-old data protection law.
Why the Crackdown Matters
The NDPA 2023 requires companies to adopt minimum standards in handling personal data—mandating compliance audits, appointment of dedicated data protection officers, and registration as data controllers or processors. The goal is to align Nigeria’s digital economy with international standards and reassure citizens that their data is not being misused or traded recklessly.
Recent enforcement actions underscore the stakes. In April, the NDPC slapped MultiChoice Nigeria with a ₦766.2 million fine for illegally transferring subscriber data across borders and violating customer privacy rights. That sanction sent a warning shot to companies that compliance is no longer optional.
The Cost of Non-Compliance
For businesses, the message is clear: failure to comply risks not only fines but also reputational damage in an economy where consumer trust is fragile. Banks, insurers, and pension firms—already grappling with regulatory costs—now face another layer of oversight. Gaming companies, many of them digital-first and lightly regulated until now, will also feel the heat.
The NDPC’s National Commissioner, Dr. Vincent Olatunji, has repeatedly stressed that data protection is now central to Nigeria’s digital transformation agenda. “Responsible use of personal data is crucial if Nigeria is to participate credibly in regional and global markets,” he said in a recent briefing.
The Bigger Picture
The investigation reflects a broader global trend: regulators are tightening oversight of data in response to rising concerns over privacy, cybercrime, and the monetization of personal information. Nigeria, Africa’s largest digital market, can ill afford to be left behind.
For the 1,369 companies in the NDPC’s crosshairs, compliance will likely require new hires, better systems, and cultural shifts in how customer data is treated. For Nigeria, the payoff could be stronger digital trust, higher investor confidence, and a more resilient digital economy.
