Vincent Olatunji, CEO of the Nigeria Data Protection Commission (NDPC), has indicated that the agency has amassed over N400 million in revenue by penalizing cases of data breaches within the digital sphere.
Over a span of less than two years, the commission has been vigilant in safeguarding citizens’ data, receiving and addressing over 3000 complaints.
“We’ve issued penalties to some organisations but we’re mindful because it can also affect their business — bear in mind the ease of doing business is an initiative of the federal government, that it wants to create a very comfortable environment for business to thrive in,” he said.
“But it also depends on the impact and if the data controller is not ready to cooperate, we can go ahead to issue a heavy fine,” he added.
Olatunji emphasized the commission’s commitment to protecting data integrity while balancing the need for businesses to thrive in a conducive environment.
He highlighted the variable nature of penalties, ranging from a minimum of N10 million to up to two percent of an entity’s gross earnings from the previous year, depending on the severity of the breach.
“It ranges from about a minimum of N10 million up until about two percent of your gross earnings from your previous year.”
“For instance, if your company earned N100 billion last year and there’s a data breach, we investigate depending on the impact, we can fix your penalty to range from between N10 million up until about two percent of your gross earnings from the previous year,” he added.
“It can also lead to a jail term of up to three years for the CEOs because you can’t claim that you don’t know unless you’re able to prove beyond reasonable doubt that you don’t know what led to that data breach,” he said.
