The Nigeria Data Protection Commission (NDPC) has unveiled plans to enhance compliance enforcement rigorously and impose significant fines on data controllers and processors violating the Nigeria Data Protection Act (NDPA). This announcement was made by Dr. Vincent Olatunji, the National Commissioner and CEO of the Commission, during a recent video presentation outlining the organization’s objectives for 2025, which was shared via its social media channels over the weekend.
Dr. Olatunji emphasized that the NDPC intends to initiate comprehensive enforcement measures. He stated, “We have never really issued any fines, but going forward, you’ll hear us giving heavy penalties.” This shift signals a marked increase in the agency’s commitment to ensuring data protection compliance among organizations handling personal data.
In affirming the NDPC’s commitment to safeguarding the data rights of Nigerian citizens as enshrined in the NDPA, Olatunji assured that those found in default would face stringent repercussions. He elaborated on the Commission’s proactive engagements with stakeholders across both public and private sectors to foster awareness and adherence to data protection standards mandated by the NDPA.
Notably, these collaborative efforts have resulted in the establishment of Memorandums of Understanding (MOUs) with several key organizations, such as the National Insurance Commission (NAICOM), the National Lottery Regulatory Commission (NLRC), the Data Privacy Office of Canada, and the Dubai International Financial Centre Authority (DIFC). These partnerships are pivotal in enhancing compliance frameworks and promoting a culture of data protection.
Looking ahead, Dr. Olatunji announced that the NDPC is set to enter the second phase of its Strategic Roadmap and Action Plan (NDP-SRAP 2023-2027) in 2025. This upcoming phase is expected to create numerous job opportunities within Nigeria’s data protection and privacy sector, especially for the youth. He remarked on the NDPC’s ongoing training initiatives aimed at developing a skilled workforce capable of meeting the demands of the data protection landscape.
“The commission has been actively training Nigerians in data protection and privacy, creating a pool of globally competitive experts within the data protection sector,” he noted. Moving forward, the NDPC aims to launch these trained professionals into the job market to fill the increasing demand from data controllers and processors.
Furthermore, the NDPC will persist in its nationwide campaign to promote data protection awareness among Nigerians. As part of this initiative, the Commission seeks to educate citizens on their data rights and the significance of data privacy, whilst reiterating the obligations that data controllers and processors must uphold under the NDPA.
Dr. Olatunji underscored that these initiatives are integral to fostering a robust culture of data protection and privacy throughout Nigeria. Additionally, Nigeria is poised to host the “Network of African Data Protection Authorities Conference” in May 2025, which is anticipated to attract over 40 countries with established data protection laws. Olatunji indicated that this event will bolster Nigeria’s standing as a leader in the data protection ecosystem and yield significant economic benefits.
The NDPC remains steadfast in its mission to embed data protection and privacy into Nigeria’s digital framework, thereby fostering trust and driving economic growth in the digital economy.
