The National Data Protection Commission (NDPC) has imposed a fine of N555.8 million on Fidelity Bank for violations related to the breach of its customers’ data.
The National Commissioner of the NDPC, Vincent Olatunji, disclosed this during the Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive, held on Wednesday in Abuja.
Olatunji explained that the tier-one bank breached the NDP Act of 2023 and the NDPR of 2019 regarding data protection, resulting in the fine, which amounts to 0.1 percent of the bank’s annual gross revenue for 2023.
He further noted that the fine, which is the highest ever imposed by the commission, was exacerbated by the bank’s arrogance and lack of cooperation during the investigation.
“Compliance with data protection regulations is crucial, and we have made it clear that non-compliance will be penalized. Our penalties range from N10 million to up to two percent of gross earnings from the previous year.
“However, our primary approach has been to raise awareness and educate organizations about their responsibilities. When assessing breaches, we consider the severity of the breach, its impact, the number of data subjects affected, and the level of cooperation from the organization in determining the penalty.
“Since our operations began, the most significant penalty we have issued was yesterday (Tuesday) to Fidelity Bank. For violating the NDP Act of 2023 and the NDPR of 2019, we levied a fine of N555.8 million, which they are required to pay.
“We have observed significant breaches and have been investigating the issue with them since April 2023. However, once our findings were concluded, the bank displayed arrogance, prompting us to impose the full penalty, which is approximately 0.1 percent of their 2023 earnings.
“This fine must be paid within 14 days of receiving this notice,” Olatunji stated.
