Vincent Olatunji, the National Commissioner of the commission, announced this during a Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive held on Wednesday in Abuja.
Olatunji explained that the tier-one bank breached the Nigeria Data Protection (NDP) Act, 2023, and the Nigeria Data Protection Regulation (NDPR), 2019, leading to the fine, which represents 0.1% of the bank’s annual gross revenue for 2023.
- Â Fidelity Bank plans N26.7bn capital raise
- N127bn capital raise, Fidelity Bank
- Top Five Banks Allocate ₦222 Billion to Strengthen Cybersecurity Measures
The CEO noted that this fine, the largest ever issued by the commission, was exacerbated by the bank’s arrogance and lack of cooperation during the investigation.
Olatunji stated, “Compliance with data protection is crucial, and we’ve made it clear that non-compliance will be penalized. Our penalties range from N10 million up to 2% of the gross earnings from the previous year.”
He further explained that the commission’s approach has been to raise awareness and educate organizations on their responsibilities, taking into account the severity of breaches, their impact, the number of affected data subjects, and the level of cooperation from the organization when determining penalties.
“Since we began, the most significant penalty we’ve issued was yesterday (Tuesday) to Fidelity Bank. For violating the NDP Act, 2023, and the NDPR, 2019, we imposed a fine of N555.8 million, which they must pay.
We’ve been investigating serious breaches with them since April 2023, but when we concluded our findings, their arrogance led us to impose the full penalty, which is approximately 0.1% of their earnings for 2023,” he added. The fine is to be paid within 14 days of receiving the notice.