August 25, 2025 — The Nigeria Data Protection Commission (NDPC) has directed banks, insurance companies, and other players in the financial services sector to comply with its mandatory data protection audit within the next 21 days.
The Commission said the directive became necessary following concerns over weak compliance with the Nigeria Data Protection Act, stressing that financial institutions handle some of the most sensitive customer data and must adopt global best practices in data security and privacy management.
According to the NDPC, the audit will assess the level of compliance with data governance standards, identify gaps, and ensure institutions implement corrective measures to safeguard customers from risks of data breaches, identity theft, and cyber fraud.
Failure to comply, the Commission warned, could attract stiff penalties, including fines and possible sanctions, as stipulated under the law.
Data protection experts say the move is timely given the rise in cybercrime and digital fraud across Nigeria’s financial space, adding that strict enforcement would not only protect consumers but also strengthen confidence in the financial system.
The NDPC reiterated its commitment to fostering a secure digital economy while urging institutions to treat data protection as a core part of their operational culture.