The Nigeria Data Protection Commission, NDPC), has disclosed that it has put four banks, one university and some others under its radar over alleged data breach.
The National Commissioner of the Commission, Mr Vincent Olatunji, made the disclosure in a statement on Thursday.
He also made it known that NDPC has commenced the investigation of over 400 complaints in the online lending sector.
Data breach has to do with accessing confidential information without any authorisation.
NPDC fingered Zenith Bank, Fidelity Bank, Unity Bank, GTBank, Babcock University and Leadway Insurance, among others, for the alleged infraction.
The NDPC boss further said the investigation became necessary, as a result of complaints from data subjects.
He said, with the new Nigerian Data Protection Act (NDPA), the Commission was empowered with a legal framework to address issues of citizens’ data breaches.
“In the last few weeks, the NDPC has received complaints bordering on unlawful data processing, unauthorised access to personal data and violation of data subjects’ rights,” Olatunji stated.
“Under Part 10 of the newly-signed NDPA 2023, a data controller with a turnover of N200 billion yearly may pay as high as N2 billion, which represents two per cent of the gross revenue.
“Not only that, offenders also risk up to one-year jail term.
“We are currently investigating Guarantee Trust Bank, Fidelity, Unity, Zenith banks, Leadway Insurance and Babcock University, among others, for data breach,” the NPDC boss added.
According to him, many micro-finance banks are yet to align their operations with data privacy and protection requirements.
He further revealed that loan organisations would face the law with the new mandate of the Federal Competition and Consumer Protection Commission.
Mr Olatunji said the mandate required loan organisations to seek compliance and clearance from NDPC before approving online lenders.
“The commission is investigating over 400 complaints in the online lending sector.
“Soko Loan is already working on a comeback to the digital lending market, but yet to be approved,” Olatunji further disclosed.
He, however, said NDPC was engaging in sensitisation exercises to ensure that data controllers understood the implications of a data breach.
According to the NDPC national commissioner, the Commission prioritises awareness more than the scorched earth enforcement process.
