The Nigeria Data Protection Commission (NDPC) has launched a sweeping investigation into suspected data breaches across multiple sectors, targeting banks, insurance companies, pension firms, gaming operators, and insurance brokers. Announced on August 24, this sector-by-sector probe aims to enforce compliance with the Nigeria Data Protection Act (NDPA) of 2023, which seeks to protect citizens’ personal data and bolster Nigeria’s digital economy.
Babatunde Bamigboye, NDPC’s Head of Legal, Enforcement, and Regulations, stated that the commission issued compliance notices to 1,369 organizations, including 795 financial institutions, on August 24, 2025. These organizations must provide evidence within 21 days, by September 14, 2025, of their adherence to the NDPA. Required submissions include 2024 compliance audit returns, proof of a designated Data Protection Officer, technical and organizational data protection measures, and registration as a Data Controller or Processor of Major Importance. Failure to comply could lead to enforcement actions, including fines or criminal prosecution.
The NDPC’s move reflects its commitment to safeguarding Nigerians’ data rights under the 1999 Constitution. “Our personal information is our identity, and we can’t let it be mishandled,” said Bamigboye, emphasizing the probe’s role in fostering trust in Nigeria’s digital landscape. The investigation follows a history of enforcement, with the NDPC previously fining Multichoice Nigeria N766.2 million and Fidelity Bank N555.8 million for data violations, as reported on June 12, 2024.
Also Read: SERAP Urges Tinubu to Halt ‘Unconstitutional’ Politicians’ Pay Rise
The probe has sparked concern among Nigerians, many of whom rely on banks and insurers for financial security. A Lagos resident, Amaka Okoye, expressed worry: “I trust my bank with my savings, but hearing about data breaches makes me nervous. I hope this investigation forces them to take our privacy seriously.” The NDPC’s actions also align with global data protection standards, ensuring Nigeria’s participation in regional and international markets.
As the September 14 deadline looms, the NDPC vows to maintain accountability. The list of investigated organizations was published in major newspapers on August 25, 2025, signaling transparency. With data breaches posing risks like identity theft, this probe is a critical step toward protecting Nigerians and strengthening the nation’s digital future.
