The Nigeria Data Protection Commission (NDPC) has launched a sector-wide investigation into 1,369 organisations suspected of flouting the provisions of the Nigeria Data Protection Act (NDPA) 2023. The probe, which cuts across sensitive industries such as banking, insurance, pensions, and gaming, is aimed at tightening compliance with Nigeria’s new data privacy regime.
In a statement issued on Monday, the Head of Legal, Enforcement and Regulations at the NDPC, Mr. Babatunde Bamigboye, said the organisations under investigation include 795 financial institutions, 392 insurance brokerage firms, 35 insurance companies, 10 pension companies, and 136 gaming companies. He explained that the Commission has already served compliance notices to the affected organisations, directing them to provide evidence of adherence to the NDPA within 21 days or risk sanctions.
According to him, the firms are required to submit proof of filing their 2024 compliance audit returns, the appointment of a Data Protection Officer with full contact details, details of the technical and organisational measures they have in place for safeguarding data, and evidence of registration as data controllers or processors of major importance.
Bamigboye stressed that the move is in line with the Commission’s mandate to protect the rights and freedoms of data subjects under the 1999 Constitution while also boosting trust in Nigeria’s digital economy. He warned that responsible use of personal data is vital to the country’s participation in both regional and global markets, adding that the Commission will not hesitate to sanction any institution that fails to meet the requirements of the law.
