Nigeria’s Data Protection Commission (NDPC) has issued a 21-day compliance notice to suspected organisations that are non-compliant with the Nigeria Data Protection Act, 2023.
The move is described as “the commencement of a sector-by-sector investigation of organisations suspected of non-compliance with the provisions of the Act.”
The notice, issued pursuant to sections 5(i), 6(a), 6(c), 46(3), and 47(1)-(2) of the Act, was sent to organisations in banking, insurance, pension companies, gaming operators, and insurance brokers.
All the regulator is requesting within the 21 days includes:
• Evidence of filing NDP Act Compliance Audit Returns for 2024,
• Evidence of designation or appointment of a Data Protection Officer,
• A summary of technical and organisational measures for data protection within the organisation,
• Evidence of registration as a Data Controller or Processor of Major Importance.
“Failure to comply with this compliance notice may result in enforcement actions, including the issuance of an Enforcement Order, administrative fines, and/or criminal prosecution in accordance with the NDP Act, 2023,” the commission said in a statement.
The purpose of these actions, according to the regulator, is to “safeguard the fundamental rights, freedoms, and interests of data subjects as guaranteed under the Constitution of the Federal Republic of Nigeria, 1999.”
“The NDPC remains committed to ensuring a culture of accountability and trust in Nigeria’s data protection and privacy ecosystem while safeguarding the rights of data subjects and strengthening the nation’s digital economy.”
The NDPC has a track record of delivering on its mandate. A recent legal action was taken against Multichoice, where the commission fined the company ₦766 million for data privacy violations.
Also read:
- Nigeria Closed Over 13 Million Social Media Accounts in 2024 Under Compliance Rules
- Nigeria Data Protection Commission Investigates TikTok and Truecaller Over Data Privacy Violations
About Author
