The Nigeria Data Protection Commission (NDPC) has directed organisations across the country to strengthen their data protection systems following rising threats targeting Nigeria’s digital infrastructure.

In a regulatory advisory signed on Thursday by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, the commission said its technical findings point to coordinated cyber activities aimed at financial systems and other critical national assets.

The NDPC noted that the growing sophistication of these threats requires urgent and deliberate action from both public and private institutions handling personal data.

According to the commission, “some shadowy threat actors have engaged in coordinated operations targeting financial systems and key digital infrastructure in Nigeria,” a development it described as a serious risk to data privacy and national security.

The commission reminded Ministries, Departments and Agencies (MDAs), as well as private sector operators, of their obligations under the Nigeria Data Protection Act, 2023, urging them to immediately reinforce their technical and organisational safeguards.

“The Commission strongly advises that data controllers and processors, including MDAs, are to urgently step up their technical and organisational measures to ensure the privacy of all Nigerians and other data subjects,” the statement said.

It also referenced a directive by President Bola Ahmed Tinubu, which underscored the strategic importance of data in national development and the need for its responsible management.

“Data is the new oil; its value increases the more it is refined and responsibly shared. I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023,” the directive stated.

The NDPC outlined a range of steps expected of organisations, including the deployment of stronger access controls, adoption of multi-factor authentication systems, encryption of sensitive data, and continuous monitoring of networks to detect and respond to threats in real time.

It also emphasised the importance of conducting regular vulnerability assessments, securing cloud infrastructure, and ensuring proper management of digital credentials to prevent unauthorised access.

Beyond technical measures, the commission stressed the need for institutions to establish clear privacy policies, appoint qualified data protection officers, and carry out impact assessments to identify and mitigate risks associated with data processing activities.

The NDPC warned that organisations that fail to comply with the provisions of the law risk facing legal consequences, noting that enforcement mechanisms under the Nigeria Data Protection Act are already in place.

At the same time, it assured stakeholders of its readiness to provide regulatory support to help institutions align with best practices and strengthen their data protection frameworks.

The advisory comes amid heightened concerns over cyber security as Nigeria’s digital economy continues to expand, with authorities seeking to build resilience and protect sensitive information across sectors.