NDPC fines Fidelity Bank N555.8m for alleged data breach

The National Data Protection Commission (NDPC) has fined Fidelity Bank a substantial N555.8 million for breaching customer data privacy.

Vincent Olatunji, National Commissioner of the NDPC, announced the fine during a Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive in Abuja on Wednesday.

Fidelity Bank was found in violation of both the Nigeria Data Protection Regulation (NDPR) of 2019 and the Nigeria Data Protection (NDP) Act of 2023. The fine, representing 0.1 percent of the bank’s annual gross revenue for 2023, is the largest ever imposed by the NDPC.

Olatunji explained that the severity of the penalty was heightened by the bank’s lack of cooperation and dismissive attitude during the investigation. He underscored the critical importance of data protection compliance, noting that penalties for non-compliance can range from N10 million to up to two percent of an organization’s gross earnings.

“Since we began enforcing data protection regulations, this is the most significant penalty we’ve issued,” Olatunji stated. “Fidelity Bank’s violations were serious, and despite working with them since April 2023 to address these issues, their arrogance ultimately led us to impose the full penalty.”

The NDPC has given Fidelity Bank 14 days to pay the fine upon receiving the notice. This action underscores the commission’s commitment to enforcing data protection laws and holding organizations accountable for safeguarding customer data.