The Nigeria Data Protection Commission (NDPC) has commenced a sector-by-sector investigation of organisations suspected of failing to comply with the provisions of the Nigeria Data Protection Act (NDP Act), 2023.
The move, according to the Commission, is in line with its mandate to safeguard the rights and interests of data subjects as guaranteed under the 1999 Constitution, while also strengthening the foundations of Nigeria’s digital economy for trusted participation in regional and global markets.
In a statement signed by Babatunde Bamigboye, Esq., Head of Legal, Enforcement and Regulations at the NDPC, the Commission disclosed that it had issued Compliance Notices to certain organisations across insurance, pension, gaming, banking, and insurance brokerage sectors.
The list of affected organisations, the Commission said, will be published in major national newspapers on Monday, August 25, 2025.
According to the notice, the organisations are required, within 21 days, to provide evidence of filing their 2024 Compliance Audit Returns; appointment of a Data Protection Officer with full contact details; a summary of technical and organisational measures for data protection; and proof of registration as a Data Controller or Processor of Major Importance.
The Commission warned that failure to comply may attract enforcement actions, including Enforcement Orders, administrative fines, or criminal prosecution as stipulated under the NDP Act, 2023.
The NDPC reaffirmed its commitment to fostering accountability and trust in Nigeria’s data protection ecosystem, while protecting the rights of data subjects and ensuring the country’s digital economy remains globally competitive.
