The Nigeria Data Protection Bureau (NDPB) has said that it is currently investigating over 110 companies in Nigeria over allegations of data breach.
The National Commissioner of the Bureau, Dr Vincent Olatunji, disclosed this at a media roundtable in Lagos.
According to him, the companies being investigated include banks, telecom firms, gaming companies, and online lending companies. He said the vulnerabilities in these sectors are high partly due to the capabilities of intrusive mobile apps they deploy in rendering their services.
Cases of abuse: Highlighting the efforts of the Bureau in ensuring the protection of Nigerians’ data in line with the Nigeria Data Protection Regulation, Olatunji said:
- ‘’We are investigating over 110 data controllers and data processors for various degrees of data privacy and protection breaches. The most worrisome are those in the financial, telecom, gaming, and online lending industries.
- “When you factor in the lack of due diligence on the part of data controllers in engaging data processors or vendors that have access to the personal data of customers, you find in some cases abuse and violation of the Nigeria Data Protection Regulation (NDPR) and section 37 of the 1999 Constitution.”
He said that the position of the government is that those who are into data would have nothing to fear but the consequences of their acts and omissions might constitute a civil or criminal liability. He added that the Nigeria Police Force is currently working with the bureau in this regard.
Additional DPCOs licensed: Olatunji disclosed that the Bureau recently licensed additional 48 Data Protection Compliance Organisations (DPCOs), which increased the number of DPCOs to 138. According to the National Commissioner, this has boosted wealth and job creation in the ecosystem.
He said that Nigeria was prepared for a leading role in advancing data protection and exploring the opportunities of the global digital economy. Olatunji reassured citizens that every data controller and data processor within or outside Nigeria would be held accountable for any unlawful processing of personal data from their jurisdiction.
The NDPB was established in February 2002 by President Muhammadu Buhari as the nation’s data protection authority and to fully implement the provisions of the Nigeria Data Protection Regulation (NDPR) issued in 2019.