The National Data Protection Commission (NDPC)has confirmed and fined Fidelity Bank N555.8m for acts against customers’ data privacy.
Mr. Vincent Olatunji, NDPC’s National Commissioner, confirmed the development on Wednesday in Abuja during a Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive.
He explained that the fine was communicated with the bank on Tuesday and should be paid within 14 days.
He noted that the commission had commenced an investigation into the violation in April 2023 and that the decision to issue the fine was based on the bank’s demonstrated arrogance.
According to him, the bank has violated the Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023, which warranted the fine.
Olatunji said the bank violated the Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023. The fine will be 0.1 per cent of the bank’s annual gross revenue for 2023.
He explained that the bank’s fine represented the highest amount of fine issued since the establishment of the commission; he further noted that the bank’s attitude during the investigation led to the aggravation of the said amount.
He noted that the commission had established penalties, which range from N10m to up to two per cent of gross earnings for the previous year.
He further noted that the commission’s approach has been to create awareness and inform the concerned stakeholders of all that concerns them. He also said that the commission has been able to alert the stakeholders of the level of breach, impact, the number of data subjects affected, and the level of cooperation by the organisation involved on the remuneration fee.
He noted the commission has worked for months with Fidelity to bring out the important details in the investigation. The investigation has warranted the penalty issued to the individuals.
He disclosed that the current developments show the commission’s level of commitment to enforcing data protection laws and holding organizations accountable for ensuring the safety of customers’ data.