The National Data Protection Commission (NDPC) has imposed a fine of N555.8 million on Fidelity Bank for violations related to breaches of its customers’ data.
This penalty was announced by the NDPC’s National Commissioner, Vincent Olatunji, during a Validation Workshop on the Nigeria Data Protection Act (NDPA) General Application and Implementation Directive held in Abuja on Wednesday.
According to Olatunji, Fidelity Bank’s actions were in direct violation of the Nigeria Data Protection Act of 2023 and the Nigeria Data Protection Regulation (NDPR) of 2019. The fine represents 0.1 percent of the bank’s annual gross revenue for 2023, making it the highest fine issued by the commission to date.
Olatunji highlighted that the penalty was not only due to the data breach itself but was also aggravated by the bank’s lack of cooperation and perceived arrogance during the investigation process.
Olatunji said, “Data protection compliance is important and we have stated that non-compliance will be punished. We have penalties that range from N10m or up to two per cent of gross earnings for the previous year.
“But our approach has been creating awareness and letting people know what we are supposed to be doing and most of the breaches we try to look at the level of breach, impact, and the number of data subjects affected and the level of cooperation by the organisation involved on the remuneration fee.
“Since we started, the major penalty we issued was yesterday (Tuesday) on fidelity bank. For the violation of the NDP Act, 2023, and the NDPR, 2019, we issued a fine of N555.8m and they have to pay. We have observed serious breaches and we have been working with them, investigating the issue since April 2023. But by the time we finalised our findings, they became arrogant and we decided to issue a full penalty on them which is about 0.1 per cent of their earnings for 2023.”
The bank has been given 14 days from the receipt of the notice to pay the fine.
