The Nigeria Data Protection Commission (NDPC) has launched a sector-wide investigation into organisations suspected of breaching provisions of the Nigeria Data Protection Act (NDPA) 2023.
According to Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the Commission, the move is part of NDPC’s mandate to safeguard the rights and freedoms of data subjects as guaranteed by the 1999 Constitution.
He noted that the NDPA was enacted to strengthen the legal framework of Nigeria’s digital economy while promoting responsible data use for the country’s active participation in regional and global markets.
The ongoing probe will cover institutions across insurance, pensions, banking, gaming, and brokerage services. Bamigboye revealed that compliance notices have already been issued to some organisations listed in the Commission’s schedule.
These entities are required, within 21 days, to submit evidence of:
- Filing of their 2024 NDPA Compliance Audit Returns,
- Appointment of a Data Protection Officer (with full contact details),
- Technical and organisational measures adopted for data protection, and
- Registration as a data controller or processor of major importance.
Failure to comply, he warned, may attract enforcement actions, administrative fines, or criminal prosecution in line with the NDPA.
Bamigboye reiterated that the Commission remains committed to fostering accountability and trust in Nigeria’s data protection and privacy ecosystem, while supporting the growth of the digital economy.