The National Data Protection Commission (NDPC) has imposed a substantial fine of N555.8 million on Fidelity Bank for violating the National Data Protection (NDP) Act, 2023, and the Nigeria Data Protection Regulation (NDPR), 2019. This fine, which amounts to 0.1% of the bank’s annual gross revenue for 2023, marks the highest penalty ever issued by the commission, setting a new precedent in the enforcement of data protection laws in Nigeria.
National Commissioner Vincent Olatunji announced the hefty penalty during a workshop held in Abuja, where he criticized Fidelity Bank for its lack of cooperation during the investigation process. He highlighted that the bank’s dismissive attitude and poor collaboration with the commission significantly contributed to the severity of the penalty. The NDPC’s investigation, which began in April 2023, uncovered serious breaches in the handling and protection of customer data by the bank.
“The arrogance displayed by Fidelity Bank and their refusal to engage meaningfully with our investigation only worsened their situation,” Olatunji stated. He emphasized that the commission is committed to upholding data protection standards and will not hesitate to impose strict penalties on organizations that fail to comply with the regulations.
The fine must be paid within 14 days of receiving the notice, underscoring the NDPC’s resolve to enforce compliance swiftly. This action by the commission sends a clear message to all organizations operating within Nigeria: data protection is not optional, and breaches will be met with significant consequences.
This landmark case serves as a stark reminder to all financial institutions and businesses handling sensitive customer information that they must adhere to the highest standards of data protection. The NDP Act, 2023, and the NDPR, 2019, are designed to safeguard personal data, ensuring that individuals’ privacy is respected and protected from misuse or unauthorized access.
Fidelity Bank’s case is particularly noteworthy as it highlights the growing importance of data protection in Nigeria’s regulatory landscape. With the rapid digitization of financial services and the increasing volume of data being processed by banks and other organizations, the need for robust data protection practices has never been more critical.
The NDPC’s decision to impose such a significant fine reflects its determination to hold organizations accountable for data breaches, regardless of their size or influence. It also signals the beginning of a more rigorous enforcement regime, where non-compliance with data protection laws will attract severe penalties.
