Fidelity Bank Fined by NDPC for Data Breach.
The Nigeria Data Protection Commission (NDPC) has imposed a fine of ₦555.8 million on Fidelity Bank for breaching customer data privacy laws. This penalty, announced by NDPC National Commissioner Vincent Olatunji at a workshop, represents 0.1% of the bank’s 2023 earnings and is one of the largest fines for such an infraction in Nigeria. The action underscores the increasing emphasis on data protection within Nigeria’s financial sector, setting a precedent for future enforcement of data privacy regulations.
The National Data Protection Commission (NDPC) in Nigeria has imposed a fine of ₦555.8 million on Fidelity Bank for breaches related to customer data protection. This decision was announced by Vincent Olatunji, the National Commissioner and CEO of NDPC, during a workshop on the Nigeria Data Protection Act in Abuja on August 21, 2024. Here’s a summary of the situation:
- Fine Details: The fine represents 0.1% of Fidelity Bank’s annual gross revenue for 2023, which was deemed the highest fine issued by the NDPC to date. This penalty was not only for the data breach but was also aggravated by what the NDPC described as the bank’s “arrogance and poor cooperation” during the investigation.
- Background: The investigation into Fidelity Bank began in April 2023, focusing on violations of the Nigeria Data Protection (NDP) Act, 2023, and the Nigeria Data Protection Regulation (NDPR), 2019. The breach involved the compromise of customer data, highlighting significant issues with data security and compliance.
- NDPC’s Stance: The NDPC has been pushing for greater compliance with data protection laws across various sectors in Nigeria, with this fine serving as a strong message about the importance of data security. They’ve also mentioned working on creating awareness and ensuring that organizations understand the implications of data breaches.
This incident underscores the increasing scrutiny on how companies handle personal data in Nigeria, with the NDPC aiming to enforce strict compliance with data protection regulations. The fine’s magnitude and the public announcement serve as a warning to other entities about the consequences of data breaches.