The Nigeria Data Protection Commission (NDPC) has fined Fidelity Bank Plc the sum of N555, 800,000 for data breach Nigeria Data Protection (NDP) Act 2023.
The notice of fine was published in a press release signed by Mr. Babatunde Bamigboye,
Head of Legal Enforcement and Regulations NDPC.
This was further confirmed by the National Commissioner of NDPC, Dr Vincent Olatunji, at the Nigeria Data Protection (NDP) Act General Application and Implementation Directive (GAID) validation workshop in Abuja Nigeria’s capital. A workshop held to discuss, examine, and share insights on the GAID, ensuring that the needs and concerns of all stakeholders are addressed while promoting best practices in data protection and privacy.
Dr. Olatunji noted that the Commission commenced an investigation on Fidelity Bank in April 2023, which they had concluded and found it defaulted to the NDP Act 2023 and NDPR 2019.
He said; “The penalty is huge, if you don’t comply, penalties can range from N10 million, even up to two per cent of the organisation’s annual gross income for the previous year.
“Most of the breaches we have treated, we look at the level of the breach,the impact, and the number of data subjects affected and the level of cooperation that is involved.”
He noted that since the commission started, the major penalty it issued was yesterday (Tuesday) on fidelity bank which is for the violation of the NDP Act, 2023, and the NDPR, 2019. He noted that the commission issued a fine of N555.8m and the bank has to pay.
“Since we started the only time we issued a major penalty was on Tuesday on Fidelity Bank, a fine of N555,800,000.
The national commissioner explained that the commission’s investigation into the data breaches at Fidelity Bank had been ongoing since April 2023, during which time serious violations were observed. However, upon finalising its findings, the NDPC was dismayed to find that the bank had become uncooperative and arrogant in its dealings with the commission.
Olatunji stated that the bank’s behavior during the investigation led to the commission’s decision to impose the maximum fine, which amounted to 0.1% of Fidelity Bank’s 2023 earnings. The fine, he stated, was to be paid within 14 days of receiving the notice from the NDPC.
“We observed some breaches, we have been working with them since April 2023 on the investigation and by the time we finalised, they became arrogant so we decided to issue a full penalty on them, which is about 0.1 per cent of the gross earning for 2023,” Dr Olatunji said.
He emphasised the importance of understanding the NDP Act to enhance Nigeria’s relevance in the global privacy ecosystem and to promote the Nigeria Data Protection ecosystem as one of the best in the world.
Dr Olatunji further said that ”the NDP Act is regarded as one of the most progressive laws globally.”
He stated they were engaging stakeholders across the board, collating their input which would form the final guide document.
