NDPC to Prosecute Data Privacy Offenders from 2025

Na'ankwat Dariem, Abuja

608

The Nigeria Data Protection Commission (NDPC) is taking bold steps to safeguard data privacy by prosecuting offenders starting from the beginning of 2025.

This move is part of its efforts to enforce regulations and promote responsible data handling in Nigeria.

The Head of the Legal Enforcement and Regulation Department at NDPC, Babatunde Bamigboye, disclosed this during a one-day cybersecurity awareness campaign with the theme “Utilising AI-Powered Services for Proactive Cybersecurity” in Abuja, Nigeria’s capital.

The event was organised by SOPHOS UK in collaboration with SPOKES Network and Net-Trix Solutions to foster networking with industry experts on how AI is shaping the future of cybersecurity.

Bamigboye explained that, due to the significant implications of data privacy breaches in Nigeria, the commission has embarked on awareness programmes to educate individuals on their data protection rights and inform data processors and controllers of their obligations.

To this end, he announced that beginning next year, the commission would prosecute any data controllers or processors found in breach of the law.

“At this moment, we have investigated quite a number of cases, and in terms of prosecution—as you know, as a lawyer, this means going to court—but we haven’t taken any matters to court yet.

“This is the formative stage; we understand the implications for the country as a whole. And usually, when you talk about prosecution, it also involves some criminal activities. So, at this moment, our focus has been on creating awareness.

“But from next year, we will step up enforcement in this area. What we have done so far is to take remedial actions against certain data controllers and processors who defaulted under the Act,” he noted.

He assured investors that Nigeria’s cyberspace is secure for digital transactions.

“Nigerian cyberspace is safe; otherwise, we wouldn’t be experiencing the smooth flow of digital transactions in Nigeria. It is safe but not without threats, and we are doing our best as a country to combat these threats.”

Christopher Odutola, a Sales Engineer at SOPHOS UK, noted in his presentation that 100% cybersecurity cannot be guaranteed, hence the need for proactive measures.

Also Read: Data Protection Awareness: NDPC Partners with Digital Influencer Enioluwa Adeoluwa

A lot of people will come to you and say, ‘We can give you 99.9% or 100% cybersecurity.’ It’s not true.

“Nobody can provide 100% security anywhere in the world. What they can do, as I mentioned earlier, is reduce the risk for you. However, determining the extent of risk reduction is difficult.

“It’s impossible to eliminate 100% of risks anywhere in the world. What we provide is what we call a cybersecurity breach protection warranty. This warranty covers incidents such as data breaches or ransomware attacks. For instance, if you lose your files while we manage your SOC as a service, we will reimburse up to one million dollars in response costs.”

Odutola further stressed the importance of organisations reducing cyber threat risks to secure cyberspace.

“There are risks to businesses, risks from downtime, attackers, scammers, and the rest, trying to infiltrate networks.

“The risk is always high. As cybersecurity professionals, we are doing as much as possible to reduce these risks.

“The various security controls we implement—antivirus software, firewalls, email security, cloud security, network security, and others—are aimed at reducing risks. We must focus on minimising risks. For instance, we currently see risks originating from third-party suppliers and vendors.”

According to him, “We have a process called risk assessment, which helps to evaluate vendors to ensure they do not introduce risks into our environment. This is why these security controls are crucial.

“We have them in place. It’s equally important to involve senior management in the discussion, as this is often where the gap lies. Unfortunately, cybersecurity is often perceived as a cost centre.”

The Chief Executive Officer (CEO) of Net-Trix Solutions, Harrison Oloye, said the event aimed to raise awareness about cyber threats and equip users to manage potential attacks.

“What we did, as Net-Trix Solutions Limited in conjunction with Spokes Network, is to create awareness and educate the public and private sectors on how to use Artificial Intelligence (AI) to combat cyber threats.”

Speaking further on achievements in creating awareness, he said: “As part of our Corporate Social Responsibility (CSR), we educate and train as many people as possible on the dangers of cyber threats and cyber-related crimes.”

The Head of Business at SPOKES Network, Ms. Sifon Ufot, emphasised the need to take proactive measures against cyber threats.

“We need to stay cyber-safe because hackers working behind the scenes are not joking—they work 24/7. For us, staying proactive is essential. With the help of AI, we can stay proactive; it provides information beforehand and even prevents some attacks from reaching us.”

Comments are closed.