The Nigeria Data Protection Commission (NDPC) has begun a sector-by-sector investigation of companies suspected of violating the Nigeria Data Protection Act (NDP Act), 2023.
In a statement issued on Monday, August 25, 2025, the Commission said it has sent Compliance Notices to some organisations across insurance, pension, gaming, banking, and brokerage sectors. The list of affected organisations will be published in major newspapers.
According to the NDPC, these companies must, within 21 days, submit evidence that they filed their 2024 compliance audit returns, appointed a Data Protection Officer, put in place technical and organisational measures to safeguard personal data, and registered as Data Controllers or Processors of Major Importance.
The Commission warned that failure to comply could lead to enforcement orders, heavy fines, or even criminal prosecution.
The NDPC stressed that the move is aimed at protecting the rights of Nigerians, promoting accountability among organisations, and strengthening the country’s digital economy in line with global standards
