Nigerian data agency to impose heavy fines for violations in 2025

The Nigeria Data Protection Commission has announced plans to levy heavy fines on businesses that handle Nigerians' data—known as data controllers and data processors—beginning in 2025.

Dr. Vincent Olatunji, the Commission's National Commissioner, revealed the move in his year-end outlook, highlighting a significant shift in the enforcement of the Nigeria Data Protection Act.

Dr. Olatunji emphasised that the NDPC has not yet issued any fines, but that this will change in the coming year. "Data controllers and processors will face massive enforcement in 2025. We have never issued any fines, but you will hear us issue severe penalties in the future," he stated.

The new enforcement strategy marks the start of a strong push by the Commission to uphold data protection laws and ensure businesses handle Nigerians' personal information responsibly. The NDPC is determined to hold organisations responsible for any violations of the NDPA.

In addition to enforcement, the NDPC intends to spur job creation by bringing trained data protection professionals into the workforce. Dr. Olatunji stated that the second phase of the NDPC's 2023-2027 roadmap, which focusses on job creation and capacity building, will be a primary focus in 2025.

"Nigerians will start to see the results of the experts and professionals we trained last year. We are creating a pool of globally competitive human capital in the data protection ecosystem," Dr. Olatunji stated. He stated that the demand for trained data protection professionals has increased, with many data controllers and processors looking for qualified individuals to help protect personal information.

The NDPC intends to continue its awareness campaign throughout Nigeria, ensuring that citizens understand their data privacy rights and the value of data protection. This outreach aims to close the gap between the growing demand for data protection expertise and the availability of trained professionals.

As part of its efforts to streamline data protection in Nigeria, the NDPC will require registration of all data controllers and processors. Dr. Olatunji previously laid out a timeline for the mandatory registration of over 500,000 organisations, including banks, telecom operators, insurance companies, schools, and other entities that handle personal data.

"All data controllers and processors must register with the data protection authority. The law requires that they become acquainted with the provisions of the law within six months," he said. To achieve this, the NDPC will launch additional awareness campaigns across the country, with a special emphasis on Abuja, in the coming months.

The registration deadline for data controllers is December 31, 2025. Following registration, organisations must submit annual audit reports between January 1 and March 31 of each year, detailing the safeguards they have in place to protect personal data.

The push for stronger data protection comes after President Bola Tinubu signed the Data Protection Bill into law on June 12, 2023. This law renamed the National Data Protection Bureau the Data Protection Commission, giving it the authority to enforce regulations and monitor NDPA compliance.

Data protection has become a global priority in recent years, with numerous data protection agencies, particularly in the European Union, imposing significant fines on multinational corporations for violating data privacy laws. Social media behemoths such as Meta, LinkedIn, and TikTok faced significant penalties in 2024 for violating data protection regulations, highlighting the growing importance of protecting user data worldwide.
