The Nigeria Data Protection Commission (NDPC) has commenced a sector-by-sector investigation of organisations suspected of violating provisions of the Nigeria Data Protection Act (NDP Act), 2023.
The Act, which safeguards the rights of data subjects and underpins Nigeria’s digital economy, mandates organisations to adopt responsible practices in the handling of personal data.
In line with Sections 5(i), 6(a), 6(c), 46(3), and 47(1)-(2) of the NDP Act, Compliance Notices have been issued to selected organisations drawn from the insurance, pension, gaming, banking, and brokerage sectors. The full list will be published on Monday, August 25, 2025, in major national newspapers.
Affected organisations are required within 21 days to submit:
1.Evidence of filing NDP Act Compliance Audit Returns for 2024.
2.Details of their Data Protection Officer (name and contact).
3.Summary of technical and organisational data protection measures.
4.Evidence of registration as a Data Controller or Processor of Major Importance.
The Commission warns that failure to comply may attract enforcement measures, including Enforcement Orders, administrative fines, or criminal prosecution.
NDPC reaffirms its commitment to promoting accountability, protecting citizens’ data rights, and fostering a trusted digital economy.
