The National Data Protection Commission has fined Fidelity Bank a total of £1.2m for infractions relating to breaches of its customers’ data.
The commission’s National Commissioner, Vincent Olatunji, announced this at the Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive on Wednesday in Abuja.
He stated that the tier one bank violated the NDP Act, 2023, and the NDPR, 2019 on data breach and was fined the amount, which represents 0.1% of the bank’s annual gross revenue in 2023.
The commissioner said the fine, the highest issued by the commission, was aggravated by the bank’s arrogance and poor cooperation during the investigation.
“Data protection compliance is important and we have stated that non-compliance will be punished,” said Olatunji. “We have penalties that range from £10m or up to 2% of gross earnings for the previous year.”
He added: “Our approach has been creating awareness and letting people know what we are supposed to be doing. Most of the breaches, we try to look at the level of breach, impact, and the number of data subjects affected and the level of cooperation by the organisation involved on the remuneration fee.”
The commissioner said the commission had been investigating the issue since April 2023, but the bank became “arrogant” by the time the findings were finalised, prompting the full penalty.
“This is to be paid within 14 days upon the receipt of this Notice,” he added.