Fidelity Bank was fined N555.8 million by the National Data Protection Commission for violations involving breaches of its clients’ data.
Vincent Olatunji, the commission’s National Commissioner, made the announcement on Wednesday during the Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive in Abuja.
He claimed that the tier one bank breached the NDP Act, 2023 and the NDPR, 2019 regarding data breaches and was fined 0.1% of the bank’s annual gross revenue in 2023.
The CEO stated that the fine, which is the biggest ever issued by the commission, was exacerbated by the bank’s arrogance and lack of cooperation during the investigation.
What they’re saying
Olatunji stated, “Data protection compliance is critical, and we have emphasised that non-compliance will result in punishment. We have fines ranging from N10 million or up to 2% of gross earnings for the previous year.
“But our approach has been to raise awareness and inform people about what we are supposed to be doing, and for the majority of breaches, we try to look at the level of breach, impact, number of data subjects affected, and level of cooperation by the organisation involved in the remuneration fee.”
“Since we began, the largest penalty we issued was yesterday (Tuesday) to fidelity bank. We imposed a fine of N555.8 million for violating the NDP Act of 2023 and the NDPR of 2019, which they must pay.
“ We have detected major breaches and have been working with them to investigate the matter since April 2023.However, by the time we finished our findings, they grew arrogant, so we decided to impose a full penalty on them, which is around 0.1% of their revenue for 2023.
“This is to be paid within 14 days upon the receipt of this Notice,” according to him.
Bottom Line
The NDPC’s move is a strong message to all organizations, especially in the financial sector, where customer data is highly sensitive and valuable.
The breach of the Nigeria Data Protection Act (NDP Act) of 2023 and the Nigeria Data Protection Regulation (NDPR) of 2019 by Fidelity Bank highlights the critical need for companies to prioritize the security of their clients’ data.
The fine also reflects the seriousness with which the NDPC views non-compliance, especially when organizations are uncooperative or dismissive during investigations.
