In a significant enforcement action, Nigeria’s National Data Protection Commission (NDPC) has levied a record fine of N555.8 million on Fidelity Bank for breaches of data protection regulations.
The penalty, announced by NDPC National Commissioner Vincent Olatunji during a workshop on the Nigeria Data Protection Act General Application and Implementation Directive in Abuja on Wednesday, represents 0.1% of the bank’s annual gross revenue for 2023.
Olatunji disclosed that Fidelity Bank’s violations pertained to the National Data Protection Act (NDP Act) 2023 and the Nigeria Data Protection Regulation (NDPR) 2019. This fine is the largest ever imposed by the commission, reflecting the severity of the breaches involved.
“Data protection compliance is non-negotiable, and our penalties are designed to enforce this,” Olatunji remarked. “Fines can range from N10 million to up to 2% of a company’s gross earnings from the previous year, depending on the nature and impact of the breach.”
“But our approach has been creating awareness and letting people know what we are supposed to be doing and most of the breaches we try to look at the level of breach, impact, and the number of data subjects affected and the level of cooperation by the organisation involved on the remuneration fee,” he said.
Despite the NDPC’s efforts to work collaboratively with Fidelity Bank since April 2023 to address the issues, Olatunji indicated that the bank’s increasing resistance led to the imposition of the maximum penalty. The fine, which is due within 14 days of the notice, underscores the NDPC’s stringent approach to enforcing data protection laws and highlights the growing importance of compliance in Nigeria’s financial sector.
“Since we started, the major penalty we issued was yesterday (Tuesday) on fidelity bank. For the violation of the NDP Act, 2023, and the NDPR, 2019, we issued a fine of N555.8m and they have to pay. We have observed serious breaches and we have been working with them, investigating the issue since April 2023. But by the time we finalised our findings, they became arrogant and we decided to issue a full penalty on them which is about 0.1 per cent of their earnings for 2023.
“This is to be paid within 14 days upon the receipt of this Notice,” he added.
Discussion about this post