• Firms given 21-day ultimatum to respond to queries
Banks, insurance, pensions, gaming and insurance brokerage firms are among the 1,369 indigenous firms identified by the Nigeria Data Protection Commission (NDPC) to have flouted provisions of the Nigeria Data Protection Act (NDPA) 2023.

NDPC in a statement yesterday, signed by Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, said it has handed the companies, which include 795 financial institutions, 21 days to submit evidence of compliance with the NDPA or face sanctions.

The list of companies published by the Commission also includes 392 insurance broker firms, 35 insurance companies, 10 pension companies and 136 gaming companies.

Bamigboye explained that the move aligned with the NDPC’s mandate to protect the rights and freedoms of data subjects under the 1999 Constitution while strengthening Nigeria’s digital economy.

He stressed that responsible use of personal data is crucial to the country’s trusted participation in both regional and global markets.

According to him, the Commission has already issued compliance notices to the organisations, demanding they show proof of adherence to key provisions of the NDPA.

These include filing their 2024 compliance audit returns, appointing data protection officers with full contact details, outlining technical and organisational data protection measures and confirming registration as a data controller or processor of major importance.

“The organisations are required to, within 21 days of issuance, provide evidence of filing NDP Act Compliance Audit Returns for 2024, evidence of designation or appointment of a Data Protection Officer, including name and contact details.

“They are also to provide a summary of technical and organisational measures for data protection within the organisation and evidence of registration as a data controller or processor of major importance,” the Commission stated.

The NDPC stressed that its actions were designed not only to enforce compliance but also to protect Nigerians’ data rights.

It said the NDP Act was enacted to “safeguard the fundamental rights, freedoms, and interests of data subjects as guaranteed under the Constitution,” while also providing a legal framework to ensure Nigeria’s “trusted and beneficial participation in regional and global economies through responsible use of personal data”.

The Commission further reaffirmed its resolve to entrench accountability in the country’s data protection ecosystem.

“The NDPC remains committed to ensuring a culture of accountability and trust in Nigeria’s data protection and privacy ecosystem, while safeguarding the rights of data subjects and strengthening the nation’s digital economy,” the statement added.