2025 Agenda: NDPC To Intensify Enforcement, Impose Fines For Data Breaches
By Stella Enenche, Abuja
The Nigeria Data Protection Commission (NDPC) has announced plans to carryout massive enforcement and impose substantial fines on erring data controllers and processors that violate the Nigeria Data Protection Act (NDPA) of 2023.
The National Commissioner, Dr Vincent Olatunji, made this known on Friday in a video outlining the Commission’s 2025 agenda.
Dr Olatunji stated, “For data controllers and processors, there is going to be massive enforcement. We have never really issued any fine, but going forward, you’ll hear us giving heavy penalties,” he said.
He assured Nigerians that their data rights, as guaranteed by the NDPA, will be fully protected, and defaulting data controllers and processors will face strict consequences.
The Commissioner highlighted the NDPC’s extensive engagements with stakeholders across public and private sectors to promote awareness and compliance with the Commission’s mandate.
He said these efforts have resulted in the signing of Memorandums of Understanding (MOUs) with key organisations, including the National Insurance Commission (NAICOM), National Lottery Regulatory Commission (NLRC), the Data Privacy Office of Canada, and the Dubai International Financial Centre Authority (DIFC), among others.
Dr Olatunji disclosed that the commission will advance to the second phase of its Strategic Roadmap and Action Plan (NDP-SRAP 2023-2027) in 2025.
This phase according to him,is expected to create job opportunities within Nigeria’s data protection and privacy ecosystem, particularly for young people.
The Commission has been actively training Nigerians in data protection and privacy, creating a pool of globally competitive experts within the data protection sector in 2025.
“There are a lot of data controllers and processors that are looking for people to work with them. Now those that we have trained in 2024, those we have certified, we are going to do more this year to actually launch them to the job market where they can really work with data controllers and processors,” he said.
“Additionally, the NDPC will continue nationwide efforts to promote data protection awareness. The Commission aims to educate citizens about their rights and the importance of data privacy while reminding data controllers and processors of their obligations under the NDP ,” he said.
Act. Dr Olatunji emphasised that these initiatives are part of the broader goal to embed a culture of data protection and privacy in Nigeria.
As part of its international engagement efforts, Nigeria will host the “Network of African Data Protection Authorities Conference” in May 2025, with over 40 nations with existing data protection laws expected to attend.
According to Dr Olatunji, this global event will position Nigeria as a leader in the data protection ecosystem, and bring significant economic benefits to the country.
The NDPC reiterated its commitment to ensuring data protection and privacy become integral to Nigeria’s digital landscape, building trust and fostering economic growth.
