The Federal Government, through the National Data Protection Commission (NDPC), has imposed a record-breaking fine of N555.8 million on Fidelity Bank for violating customer data protection laws.
This penalty is the largest ever issued by the commission, setting a strong precedent for the enforcement of data privacy regulations in Nigeria.
The announcement was made by Vincent Olatunji, National Commissioner of the NDPC, during a Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive held in Abuja on Wednesday.
According to Olatunji, the fine was a direct consequence of Fidelity Bank’s breaches of the National Data Protection Act (NDP Act) 2023 and the Nigeria Data Protection Regulation (NDPR) 2019.
The N555.8 million penalty represents 0.1% of the bank’s annual gross revenue for 2023 and highlights the NDPC’s commitment to enforcing compliance with data protection laws.
Olatunji emphasized that while the NDPC has focused largely on awareness and education about data protection regulations, violations are taken seriously, and penalties will be enforced for non-compliance.
“Data protection compliance is important, and we have stated that non-compliance will be punished,” Olatunji said.
“We have penalties that range from N10 million or up to two per cent of gross earnings for the previous year. In the case of Fidelity Bank, after thorough investigations and the severity of the breaches, we issued the highest fine yet.”
The NDPC had been investigating Fidelity Bank since April 2023 after serious breaches in the handling of customer data were discovered.
Initially, the bank was cooperative, but as investigations concluded, the bank reportedly became resistant to further discussions with the commission, leading to the full penalty being imposed.
Fidelity Bank’s violations involved mishandling customer data, a critical breach under the NDP Act, which prioritizes the protection of personal information and holds organizations accountable for maintaining the privacy of the data they handle.
The NDP Act, passed in 2023, seeks to strengthen the rights of individuals and ensure that businesses and institutions are transparent in their data management practices.
“This fine is a clear warning to all organizations handling personal data that breaches will not be tolerated. We expect companies to take this issue seriously, as failure to comply will result in significant penalties,” Olatunji added.
The bank has been given 14 days to pay the fine or face further consequences. The NDPC’s actions are part of a broader push to establish Nigeria as a leader in data protection, particularly in the wake of increasing digitalization and the growing importance of personal data security.
This fine sends a strong message to the financial sector and beyond: compliance with data protection laws is mandatory, and lapses will be met with stringent consequences.
Fidelity Bank’s situation highlights the need for all organizations to prioritize data protection and ensure they meet the necessary legal standards.