Nigeria’s National Information Technology Development Agency has started investigations over how firms breached personal data entrusted under their care as they equally fined those found wanting. This was contained in the Nigeria Data Protection Regulation Performance Report 2020-2021, which was launched by the Minister of Communications and Digital Economy, Prof Isa Pantami, last week.
The report further disclosed that seven investigations were concluded and sanctions were imposed on three entities.
It was also disclosed that the number of ongoing investigations on alleged data breaches rose from 15 in 2020 to 17 in 2021, while the number of investigations concluded rose from one in 2020 to seven in 2021.
In addition, the amount of fines issued rose from N1m in 2020 to 15m in 2021.
The report further disclosed NITDA that was partnering with key stakeholders to ascertain appropriate sanctions for different kinds of violations of the Nigeria Data Protection Regulation.
It read in part, “NITDA is partnering with stakeholders to determine administrative sanctions for identified categories of the NDPR breaches. This would provide clarity and predictability to the NDPR enforcement efforts and serve as a good foundation for any future data protection law.”
In March 2021, NITDA ordered a data controller, Electronic Settlement Limited, to pay the sum of N5m as a fine for certain breaches on personal data entrusted to the company.
In August 2021, NITDA imposed a sanction of N10m on an online lending platform, Soko Lending Company Limited, for data privacy invasion.