The Nigerian Data Protection Commission (NDPC) has begun a comprehensive investigation into 1,369 organisations that may have violated the 2023 Data Protection Act (NDPA).
Banking, insurance, pensions, gaming, and brokerage are some of the most sensitive industries in the economy, and the investigation demonstrates how the regulator is stepping up enforcement in the digital economy.
Compliance notices
According to Babatunde Bamigboye, head of legal, enforcement, and regulations at the NDPC, the companies under investigation have received compliance notices requesting evidence that they are abiding by the rules.
In addition to appointing a Data Protection Officer and documenting the organisational and technical safeguards to protect customer data, each must provide proof of 2024 compliance audit returns.
“The Commission’s actions are consistent with its constitutional duty to safeguard the rights and freedoms of Nigerian citizens, while strengthening trust in the digital economy,” Bamigboye explained.
Scope of the investigation
The scope of the investigation is broad. Among the targets are 392 insurance brokers, 35 insurance companies, 10 pension fund managers, 136 gaming operators, and 795 financial institutions.
Collectively, these industries handle enormous amounts of private and financial information, which makes them crucial test subjects for Nigeria’s one-year-old data protection law.
To comply with the NDPA 2023, businesses must register as data controllers or processors, conduct compliance audits, and appoint specialised data protection officers.
The objective is to bring Nigeria’s digital economy into compliance with international standards and to assure citizens that their data is not being misused or traded carelessly.
Warning shot to companies
Recent enforcement actions highlight the stakes. In April, the NDPC fined MultiChoice Nigeria ₦766.2 million for violating customer privacy rights and transferring subscriber data illegally across borders. That sanction warned companies that compliance is now mandatory.
The message for companies is clear: in an economy where consumer trust is brittle, noncompliance puts them at risk of fines and harm to their reputation.
Already struggling with regulatory expenses, banks, insurance companies, and pension funds now have to deal with additional scrutiny. Gaming companies, many of which are digital-first and have been subject to minimal regulation until now, will also feel the heat.
Importance of data protection to Nigeria’s digital transformation plan
Dr. Vincent Olatunji, the National Commissioner of the NDPC, has repeatedly emphasised the importance of data protection to Nigeria’s digital transformation plan.
“Responsible use of personal data is crucial if Nigeria is to participate credibly in regional and global markets,” he said in a recent briefing.
The inquiry reflects a larger global trend: as worries about privacy, cybercrime, and the monetisation of personal data grow, regulators are strengthening their oversight of data. Nigeria, Africa’s most significant digital market, cannot afford to fall behind.
For the 1,369 businesses in the NDPC’s crosshairs, compliance will probably require new hires, improved systems, and cultural changes in how customer data is handled. Nigeria could benefit from stronger digital trust, increased investor confidence, and a more robust digital economy.