Data Protection Act: Banks, telcos to lose 2% revenue for breaches – NDPC CEO Olatunji
The National Commissioner and CEO of the Nigeria Data Protection Commission (NDPC), Dr Vincent Olatunji, has said that commercial banks, telecommunications companies, and other organisations may be fined up to two per cent of their annual revenue for data breaches. Olatunji stated this on Monday in Abuja during a news conference on the implementation of the recently signed Nigeria Data Protection Act 2023. The NDPC CEO said the sanction could be more or less severe depending on the impact on the victim and other factors. While avowing that the act will ensure a sustainable digital economy, he disclosed that the commission is working to put plans in place to create half a million jobs to close the capacity gap in the subsector and help the President achieve his goal of creating one million jobs. He also explained that the commission aims to increase public awareness campaigns, develop a standardised framework for implementation to ensure consistency and clarity across all sectors and improve capacity-building for Data Protection Officers (DPOs) within the next two quarters of the year. Olatunji also revealed plans to upgrade the registration process for data controllers and processors. The plan also includes the introduction of a definite calendar for filing annual compliance audit returns and the strengthening of regulatory frameworks for DPCOs, as well as the issuing of sector-specific guidelines, particularly for financial and telecom sectors. At the core of the NDPR is the essence of respect: respect for the personal data of our citizens, respect for privacy, and respect for digital rights. This respect is now solidly etched in the NDPA. The change in legislation is not merely an addendum to the nation's law books but a transformative stride towards shaping a culture where the protection of personal data is a cherished principle and an inviolable obligation. The move to make data protection a statutory requirement means every organisation, big or small, must cooperate with government and also 'walk the talk' in the interest of our dear nation. This development should not be seen as a burden; rather, let us view it as an exciting journey towards gaining trust, building robust data protection structures, and strengthening our standing in the global digital economy landscape, he added.