NDPC to Enforce Heavy Fines on Businesses Handling Nigerians’ Data in 2025
The Nigeria Data Protection Commission (NDPC) has announced plans to impose significant penalties on businesses handling Nigerians’ data, commonly referred to as data controllers and data processors, starting in 2025. This was disclosed by the National Commissioner of the Commission, Dr. Vincent Olatunji, as part of the agency’s outlook for the year.
Enforcement of Nigeria Data Protection Act (NDPA)
Dr. Olatunji revealed that while the NDPC has not previously fined any organization, this will change as the commission begins rigorous enforcement of the Nigeria Data Protection Act (NDPA).
“For data controllers and processors, there is going to be massive enforcement in 2025. We have never issued any fines, but going forward, you will hear us issuing heavy penalties,” he stated.
Boosting Job Creation Through Data Protection
The Commissioner also highlighted the NDPC’s commitment to creating jobs in the data protection ecosystem. He noted that the commission trained and certified data protection experts in 2024, and 2025 will mark the beginning of their contributions to the job market.
“There are a lot of data controllers and processors looking for people to work with them. The professionals we trained last year will now be launched into the job market to work with these organizations,” he explained.
In addition, the NDPC plans to continue its nationwide awareness campaigns to educate Nigerians about their data rights.
Registration and Annual Audit Compliance
Ahead of its enforcement drive, the NDPC set a registration deadline for all data controllers and processors, including banks, telecom operators, insurance companies, and schools. Dr. Olatunji emphasized that registration is crucial for proper monitoring and regulation.
“All data controllers and processors, over 500,000 in Nigeria, are required by law to register with the NDPC. We have given them six months to familiarize themselves with the provisions of the law, and registration must be completed by December 31,” he said.
The NDPC also mandated that registered entities submit their annual audit reports between January 1 and March 31, 2024. These reports should detail the measures they have implemented to safeguard data in their custody.
This new phase of enforcement reflects the NDPC’s dedication to strengthening Nigeria’s data protection framework, fostering accountability among businesses, and enhancing public awareness of data privacy rights.
Source: Nairametrics
