Pulse logo
Pulse Region

NDPC investigates banks, varsity, others over alleged data breach

The commission listed Zenith, Fidelity, Guarantee Trust Banks, Babcock University and Leadway Insurance, among others for the interaction.
Nigeria Data Protection Commission (NDPC) [NAN]
Nigeria Data Protection Commission (NDPC) [NAN]

The commission listed Zenith, Fidelity, Guarantee Trust Banks, Babcock University and Leadway Insurance, among others for the interaction.

Dr Vincent Olatunji, the National Commissioner of NDPC, disclosed this in a statement issued by Mr Itunu Dosekun, Head, Media, on Thursday, June 29 2023 in Abuja. Olatunji said the investigation came following complaints from data subjects.

He explained that with the new Nigerian Data Protection Act (NDPA), the commission had been empowered with a legal framework to address issues on citizens’ data breach.

In the last few weeks, the NDPC have received complaints bothering on unlawful data processing, unauthorised access to personal data and violation of data subjects’ rights.

“Under Part 10 of the newly signed NDPA 2023, a data controller with a turn-over of N200 billion yearly may pay as high as N2 billion, which represents two per cent of the gross revenue.

“Not only that, offenders also risk up to one year jail term.

“We are currently investigating Guarantee Trust Bank, Fidelity, Unity, Zenith banks, Leadway Insurance and Babcock University, among others, for data breach,” Olatunji said.

According to him, many micro-finance banks are yet to align their operations with the requirements of data privacy and protection. He further revealed that loaning organisations would face the law with the new mandate of the Federal Competition and Consumer Protection Commission.

Olatunji said the mandate required loan organisations to seek compliance and clearance from NDPC before granting approval to online lenders.

The commission is investigating over 400 complaints in the online lending sector.

“Soko Loan is already working on a come back to the digital lending market, but yet to be approved,’’ said the commissioner.

He, however, said that the commission was engaging in serious sensitisation exercise to ensure that data controllers understood the implications of data breach. According to him, the commission prioritises awareness more than scorched earth enforcement process. 

Next Article