By Onyeanya Ebere Immaculata
The Nigeria Data Protection Commission (NDPC), has announced plans to launch a nationwide investigation into companies suspected of violating the Nigeria Data Protection Act (NDP Act), 2023.
The probe will target organisations in banking, insurance, hospitality, pensions, gaming, and insurance brokerage to assess compliance with data protection requirements.
A list of affected firms will be published in major national newspapers on Monday, August 25, 2025.
According to a statement signed by the Commission’s Head of Legal, Enforcement and Regulations, Barrister Babatunde Bamigboye, the sector-wide investigation follows reports of suspected non-compliance with key provisions of the Act.
Companies under scrutiny must, within 21 days, submit evidence of 2024 compliance audit returns, appointment of a Data Protection Officer, summaries of technical and organisational safeguards, and proof of registration as a Data Controller or Processor of Major Importance.
Bamigboye warned that failure to comply could attract sanctions, including administrative fines, enforcement orders, or criminal prosecution.
He stressed that the NDP Act, 2023, was enacted to protect citizens’ data rights, strengthen Nigeria’s digital economy, and align the nation’s data governance framework with global standards.
The Commission reiterated its commitment to fostering accountability, safeguarding data subjects, and building trust in Nigeria’s data protection ecosystem.
