Nigeria Data Protection Commission fines Fidelity Bank N555.8 million for major data breach

The Nigeria Data Protection Commission (NDPC) has imposed a significant fine of N555.8 million on Fidelity Bank for breaching the Nigeria Data Protection Act. This fine represents 0.1% of Fidelity Bank’s annual gross revenue for 2023. Fidelity Bank is required to settle the fine within 14 days of receiving the official notice.

The fine follows an investigation initiated by a complaint lodged in April 2023, which alleged that Fidelity Bank processed personal data without proper legal consent. The complaint, filed by a data subject, revealed that the bank had collected and processed personal information unlawfully to open an account.

Infringement of data protection laws

The NDPC’s review uncovered that Fidelity Bank’s data processing practices violated the Nigeria Data Protection Act (NDPA). Specifically, the bank was found to process personal data without obtaining informed consent from data subjects. The Commission noted the misuse of data processing tools such as cookies and banking apps. At the time of the investigation, Fidelity Bank’s banking app had been downloaded over one million times.

The NDPC also highlighted issues with third-party data processors associated with the bank. The NDPA requires not only organizations themselves but also their vendors and contractors to comply with data protection law.

NDPC's decision and enforcement actions

The NDPC issued its initial decision in July 2023, and after several communications and failed remedial actions from Fidelity Bank, a directive to pay the fine was formally issued in December 2023. Despite multiple warnings and opportunities to rectify the situation, Fidelity Bank did not provide a satisfactory remedial plan, leading to the enforcement of the fine.

Dr. Vincent Olatunji, National Commissioner and CEO of the NDPC, emphasized the importance of maintaining trust in Nigeria's data protection framework. He urged data controllers and processors to avoid actions that could undermine confidence in Nigeria’s data protection capabilities.

Context and impact

This penalty is the largest fine imposed by the NDPC since the enactment of the Nigeria Data Protection Act. The Act, signed into law on June 14, 2023, established the NDPC to oversee and regulate personal data processing activities in Nigeria.

  • In August 2023, the NDPC announced investigations into several institutions, including banks and universities, for alleged data breaches.
  • The Commission had previously flagged institutions like Zenith Bank, Guaranty Trust Bank, Babcock University, and Leadway Insurance for suspected data protection infractions.
  • The Nigeria Data Protection Act, 2023, aims to strengthen the regulatory framework governing the processing of personal information in Nigeria.
