Fidelity Bank fined 555 million naira for data protection violations

The Nigeria Data Protection Commission (NDPC) has fined Fidelity Bank Plc 555 million naira for data breaches, marking the highest penalty issued by the commission to date.

The fine, representing 0.1% of the bank’s 2023 annual gross revenue, was announced by the National Commissioner, Dr. Vincent Olatunji, during a Stakeholders validation workshop in Abuja.

Dr. Olatunji explained that the fine was imposed after the bank failed to cooperate during investigations into their compliance with the NDPC Act 2023. Despite multiple efforts to ensure compliance and maintain industrial harmony, the bank displayed arrogance towards the NDPC, leading to the penalty.

Fidelity Bank has 14 days to pay the fine upon receiving the notification. Dr. Olatunji emphasized the importance of data protection compliance, warning that penalties can range from 10 million naira to 2% of an organization’s annual gross revenue.

Olatunji said: “Data protection compliance is important and we have stated that non-compliance will be punished. We have penalties that range from N10m or up to 2 percent of gross earnings for the previous year.

“The whole thing is about awareness for people to be aware of what is in the law, and the data protection ecosystem in Nigeria is still evolving, which is why we need to create more awareness as much as we can to avoid ambiguity.

“We have a PPP model to ensure compliance, we have licensed some professionals on data protection, that’s the Data Protection Compliance Organisations of Nigeria.

“We have licensed about 194 of them, and they go around organizations, private sectors, to take them through compliance in terms of crafting their privacy policy, creating awareness within the organizations.

“It is about letting them know their obligations under the law and carrying out Data Protection impact assessments, training their staff and registering with us, and submitting their annual report to the commission, with this we will know the level of compliance.

“The penalty for a data breach is huge if you don’t comply. Penalties can range from 10 million naira even up to 2 percent of their annual gross income for the previous year.

“However, in most of the breaches we have treated, we look at the level of the breach, the impact, the number of data subjects affected, and the level of cooperation that is involved.

“Since we started the only time we issued a major penalty was yesterday on Fidelity Bank.

“We issued a fine of about 555 million that they have to pay. We observed some breaches, we have been working with them since April 2023 on the investigation, and by the time we finalised, they became arrogant so we decided to issue a full penalty on them, which is about 0.1 percent of the gross earnings for 2023.”