By 
NDPC Raises Alarm Over Escalating Data Security Threats
The Nigeria Data Protection Commission (NDPC) has issued a regulatory advisory to all data controllers and data processors in response to growing threats to Nigeria’s data security infrastructure.
RELATED: NDPC probes alleged data breach involving Remita, Sterling Bank, others in wider digital payments crackdown
According to the Commission’s technical assessment, coordinated activities by unidentified threat actors are increasingly targeting financial systems and critical digital infrastructure across the country, raising concerns about data privacy, national security, and institutional resilience.
Presidential Directive Reaffirmed for Public Institutions
The NDPC reminded public institutions of an existing presidential directive by Bola Ahmed Tinubu, which underscores the strategic importance of data to national development.
“Data is the new oil; its value increases the more it is refined and responsibly shared. I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023,” the President had stated.
Call for Immediate Compliance With Data Protection Law
In an official statement signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, the Commission strongly advised all data controllers and processors—including Ministries, Departments and Agencies (MDAs)—to urgently strengthen their technical and organisational safeguards.
The advisory emphasised full compliance with the Nigeria Data Protection Act 2023 to ensure the privacy and protection of Nigerians and other data subjects.
Key Measures Mandated by the NDPC
The Commission outlined a comprehensive set of measures organisations are expected to implement without delay. These include:
- Appointment of trained and certified Data Protection Officers
- Development and effective enforcement of privacy policies and information security standards
- Conduct of Data Privacy Impact Assessments
- Deployment of robust identity and access controls, including multi-factor authentication (MFA)
- Implementation of zero-trust security architecture and network segmentation
- Prompt remediation of system vulnerabilities and continuous patch management
- Securing cloud infrastructure, APIs, databases, and access credentials
- Real-time monitoring, logging, and threat detection mechanisms
- Encryption, secure key management, and credential protection
- Regular Vulnerability Assessment and Penetration Testing (VAPT) on critical systems
- Routine data backup, recovery, and resilience testing
Regulatory Support and Enforcement Warning
The NDPC stated that it is prepared to provide regulatory guidance and support to organisations working to strengthen their data protection frameworks. However, it warned that failure or negligence in implementing the required safeguards may result in legal liabilities under the Nigeria Data Protection Act, 2023.
NDPC Reaffirms Commitment to Data Protection
The Commission reiterated its commitment to safeguarding personal data, and strengthening institutional cyber resilience. NDPC is ensuring compliance across both public and private sectors as Nigeria’s digital economy continues to expand.
