The Nigeria Data Protection Commission (NDPC) says the federal government has fined Fidelity Bank Plc. N555.8 million for data breaches.
The National Commissioner of NDPC, Vincent Olatunji, said this at the Nigeria Data Protection (NDP) Act General Application and Implementation Directive (GAID) validation workshop in Abuja.
Mr Olatunji recalled that President Bola Tinubu signed the NDP Act into law on 12 June 2023, thereby empowering the commission to enforce compliance of data protection on organisations by way of fines and other means.
He said that the commission commenced an investigation into Fidelity Bank in April 2023 and, upon conclusion, found that it defaulted.
“The penalty is huge if you don’t comply; penalties can range from N10 million to even up to two per cent of the organisation’s annual gross income for the previous year.
“Most of the breaches we have treated, we look at the level of the breach, the impact, the number of data subjects affected and the level of cooperation that is involved.
“Since we started, the only time we issued a major penalty was yesterday on Fidelity Bank; a fine of N555,800,000 after we observed some breaches.
“We have been working with them since April 2023 on the investigation and, by the time we finalised, we decided to issue a full penalty on them, which is about 0.1 per cent of the gross earnings for 2023.”
Mr Olatunji also explained that the commission was engaging with stakeholders across the board and collating their input, which would form the final guide document.
He recalled that a similar workshop was held in Lagos on 19 June for about 70 per cent of data protection organisations in the private sector.
“We want to ensure everyone is involved in what we are doing and, by the time the document is out, we will all see that we have been able to make our own input; it is just an extension of the law.
“We will look at the relevance of the inputs and use them to develop a standard document that can be of global standard.”
He said the commission was deploying a Public Private Partnership model to ensure compliance with data protection.
“We have licensed about 194 professionals on data protection.
“The licensed data protection professionals go round organisations and take them through compliance in terms of crafting their privacy policy.
“They help in creating awareness within the organisations, letting them know their obligations under the law and carrying out data protection impact assessments.
“They train the staff, register them with us and submit their annual report to the NDPC; with this, we will know the level of compliance.”
The commissioner noted that the successful implementation of the NDP Act required collaborative efforts among all relevant stakeholders, organisations, businesses and data protection professionals.
He, therefore, called for constant dialogue and communication with the Commission in implementing the NDP Act.
“Collaborative efforts will foster a data ecosystem that respects privacy and protects personal data subjects,” Mr Olatunji said.