The Nigeria Data Protection Commission (NDPC) has levied a significant fine of N555.8 million against Fidelity Bank Plc for violations of data protection regulations. This fine, one of the largest issued under the newly enacted Nigeria Data Protection (NDP) Act, underlines the federal government’s heightened commitment to enforcing data privacy and security standards in the country.
The NDPC’s National Commissioner, Vincent Olatunji, disclosed the details of the fine at the Nigeria Data Protection (NDP) Act General Application and Implementation Directive (GAID) validation workshop in Abuja. According to Olatunji, the NDPC initiated an investigation into Fidelity Bank’s data practices in April 2023, which revealed significant breaches of the NDP Act.
The investigation, which lasted several months, culminated in a decision to impose a fine that amounts to 0.1% of the bank’s gross earnings for 2023.
Tekedia Mini-MBA edition 15 (Sept 9 – Dec 7, 2024) has started registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
“The penalty is huge if you don’t comply; penalties can range from N10 million to even up to two per cent of the organisation’s annual gross income for the previous year,” said Olatunji.
He added, “We have been working with them since April 2023 on the investigation and, by the time we finalised, we decided to issue a full penalty on them, which is about 0.1 per cent of the gross earnings for 2023.”
This action against Fidelity Bank is part of a broader trend of increasing regulatory scrutiny and penalties for data privacy violations by Nigerian authorities. Recently, the Federal Competition and Consumer Protection Commission (FCCPC) also imposed hefty fines on major corporations for non-compliance with data privacy regulations.
The FCCPC levied a $220 million fine against WhatsApp for data privacy breaches. Coca-Cola was also fined for failing to comply with consumer protection standards. These cases signal a shift towards stricter enforcement of regulations designed to protect consumer data and privacy.
Olatunji highlighted the importance of these penalties in promoting compliance across the board. “Most of the breaches we have treated, we look at the level of the breach, the impact, the number of data subjects affected and the level of cooperation that is involved,” he noted, emphasizing the NDPC’s commitment to holding organizations accountable.
Impact on Fidelity Bank
The N555.8 million fine comes at a challenging time for Fidelity Bank, which recently raised N127 billion through rights and public offers to bolster its capital base, following the recapitalization directive to banks by the Central Bank of Nigeria. However, this substantial fine could potentially impact its financial stability and investor confidence, particularly in a market that is already grappling with economic uncertainty.
The fine is expected to serve as a wake-up call to other financial institutions and corporations in Nigeria about the importance of compliance with data protection laws.
Olatunji emphasized the NDPC’s proactive approach to engaging with stakeholders to ensure that the implementation of the NDP Act is comprehensive and inclusive. He noted that the commission is working closely with data protection organizations and professionals to develop guidelines that will help organizations comply with the law.
“We want to ensure everyone is involved in what we are doing and, by the time the document is out, we will all see that we have been able to make our own input; it is just an extension of the law,” Olatunji stated.
He also highlighted the Public-Private Partnership (PPP) model being deployed by the NDPC to ensure widespread compliance. This model involves licensing data protection professionals to assist organizations in developing privacy policies, conducting data protection impact assessments, and training staff on their obligations under the law.
The fine against Fidelity Bank is likely to be one of many as the NDPC continues to hold organizations accountable for data breaches. This trend is expected to have a significant impact on the corporate sector, particularly as more government agencies and regulatory bodies begin to impose similar penalties for non-compliance with various regulations.
The NDPC’s actions are also expected to encourage a more robust data protection culture in Nigeria, ensuring that organizations take the necessary steps to safeguard consumer data. Experts believe this will be crucial as Nigeria continues to integrate with the global digital economy, where data privacy and security are becoming increasingly critical.
Olatunji said there is a need for continued collaboration between the NDPC and all relevant stakeholders to foster a data ecosystem that respects privacy and protects personal data.
“Collaborative efforts will foster a data ecosystem that respects privacy and protects personal data subjects,” he said.