Data: Defaulting Processors, Controllers To Face The Music In 2025, NDPC Vows

The Nigeria Data Protection Commission (NDPC) has announced its plan to intensify enforcement actions and impose significant fines on data controllers and processors that violate the Nigeria Data Protection Act (NDPA) of 2023. This announcement was made by the National Commissioner/CEO of the NDPC, Dr. Vincent Olatunji, in a video message detailing the Commission’s agenda for 2025.

According to a statement from the NDPC’s Communications Division, Dr. Olatunji emphasized that there will be a substantial increase in enforcement efforts, particularly aimed at defaulting data controllers and processors. “We have never really issued any fine, but going forward, you’ll hear us giving heavy penalties,” he stated, reinforcing the Commission’s commitment to protecting Nigerians’ data rights as guaranteed under the NDPA.

The NDPC has been proactive in engaging with both public and private sector stakeholders to raise awareness and ensure compliance with data protection regulations. Dr. Olatunji highlighted that these efforts have led to the signing of Memorandums of Understanding (MOUs) with important organizations, such as the National Insurance Commission (NAICOM), the National Lottery Regulatory Commission (NLRC), the Data Privacy Office of Canada, and the Dubai International Financial Centre Authority (DIFC).

Looking ahead to 2025, Dr. Olatunji shared that the NDPC will advance to the second phase of its Strategic Roadmap and Action Plan (NDP-SRAP 2023-2027). This phase aims to create job opportunities within Nigeria’s data protection and privacy sector, with a particular focus on training and certifying young professionals. He noted that many data controllers and processors are actively seeking qualified individuals to work with, and that the Commission’s training efforts will help launch new experts into the job market.

Furthermore, the NDPC will continue its nationwide efforts to increase public awareness about data protection and privacy rights. The Commission aims to educate citizens about the importance of safeguarding personal information, while reminding data controllers and processors of their obligations under the NDP Act.

In addition to national efforts, Nigeria will host the “Network of African Data Protection Authorities Conference” in May 2025. The conference, which will bring together over 40 nations with established data protection laws, is expected to position Nigeria as a key player in the global data protection ecosystem and provide significant economic benefits to the country.

The NDPC reiterated its commitment to ensuring that data protection and privacy become central to Nigeria’s digital transformation, fostering trust and promoting economic growth.