According to the Nigeria Data Protection Commission, investigations are presently being conducted into over a thousand financial organizations, educational institutions, insurance providers, and consulting firms for varying degrees of citizen data breaches.
This came as Vincent Olatunji, the National Commissioner of the commission, disclosed that four large banks and three other organizations were subject to fines and punishments totaling N400 million for violations involving breaches of people’ data.
Olatunji made this revelation on Tuesday at a Q&A session with media to commemorate a year since President Bola Tinubu signed the Nigeria Data Protection Commission Act into law in Abuja.
Tinubu approved the data protection bill on June 12, 2023, with the goal of advancing fundamental freedoms and privacy rights in both analog and digital transactions.
As long as citizen data is “processed in a fair, lawful, and accountable manner,” Nigerians can seek legal recourse for any kind of data breach.
“As of this time last year, we were so unsure if the president would assent to the bill—what if the president didn’t sign it, what would have happened?” the national commissioner nostalgically recalled. The bill was approved by the ninth Assembly, and typically, when a new administration takes office, it wants to undo all that the previous administration had done. It was a new government, which was more significant. Everyone was concerned and I was nervous, but I continued to have faith in God despite my uncertainty, and on June 12 of last year, the president signed it.”
Speaking further, Olatunji emphasized that the multiplier impact of passing the measure has allowed the nation’s data ecosystem to surpass a value of N10 billion.
In order to guarantee the safety, security, and protection of citizen data, he emphasized the commission’s dedication to protecting it in accordance with international best standards and practices.
“Over 1,000 reports of data breaches have been received cumulatively between the time we started and the present,” stated the national commissioner. Nigerians’ low degree of awareness is the reason for the low figure.
Approximately 400 of the 1,000 cases are digital revenue companies, also known as loan sharks. However, the majority of the cases are from the education sector, financial institutions, real estate, insurance, consulting, and schools. As of right now, we have completed four major investigations, and some of the parties involved have paid their remediation fees. The law allows us to fine businesses based on the type of violation, the effect it has on the matter, and the degree of cooperation. We also received N400 million in remediation payments.
He also mentioned that there were investigations into data violations going on.
Olatunji also emphasized how the Nigeria Data Protection Act is now more widely followed in both the public and private sectors as a result of the NDPC’s efforts.
“When we first started, the public sector had 4 percent compliance and the private sector had roughly 49%. Nevertheless, Olatunji stated that while the public sector has only attained 15% compliance, the private sector is currently at 55%.
The head of the NDPC also declared that Nigeria is now leading the Global Data Assembly’s operations and that the country has had an impact on the data ecosystem in the same way as countries like Kenya, Ghana, China, Singapore, and Malaysia, to name a few.
An important turning point for Nigeria is the Data Protection Act of 2023. On June 12, 2023, Mr. President signed the Act, allaying our fears. It was a significant turning point for the sector. The data ecosystem is now beyond the reach of everyone because of the influence of technology and its global nature.
In terms of generating wealth and jobs, advancing tourism, and improving Nigeria’s standing in the eyes of global investors, we have surpassed some other nations.
For this reason, Nigeria was granted the privilege of hosting all African Data Protection Commissions and institutions in 2024. Next year, Olatunji stated, “about thirty countries would be present for the event.”
He announced that the commission had reached an agreement to provide 10,000 public servants with training on responsible data management, and that the NDPC will train roughly 1,000 data protection officers and processors, including journalists.
Olatunji noted that the NDPC worked with the CBN, ICPC, EFCC, and other regulatory bodies to monitor the operations of digital lending platforms, while bemoaning the fact that the majority of illicit digital lending platforms lacked addresses that could be located.
Nonetheless, he emphasized that continued initiatives would concentrate on increasing awareness among susceptible Nigerians who become victims of loan sharks as a result of ignorance. He pointed out that the country’s enormous population and landmass make it difficult to completely eradicate the operations of digital loan sharks because many of them are based in rural or distant locations without access to identifiable addresses.
