Vincent Olatunji, chief executive officer (CEO) of the Nigeria Data Protection Commission (NDPC), says the agency has realised over N400 million in revenue from penalising cases of data breaches in the digital space.
Olatunji told TheCable in an interview on Monday, that the amount was generated in less than two years, noting the commission would continue to protect citizens’ data.
He said the NDPC has received over 3000 complaints and has fined persons and institutions found to have defaulted in data protection.
“We’ve issued penalties to some organisations but we’re mindful because it can also affect their business — bear in mind the ease of doing business is an initiative of the federal government, that it wants to create a very comfortable environment for business to thrive in,” he said.
Advertisement
“But it also depends on the impact and if the data controller is not ready to cooperate, we can go ahead to issue a heavy fine.”
When asked about the weight of the penalties, Olatunji said: “It ranges from about a minimum of N10 million up until about two percent of your gross earnings from your previous year.”
“For instance, if your company earned N100 billion last year and there’s a data breach, we investigate depending on the impact, we can fix your penalty to range from between N10 million up until about two percent of your gross earnings from the previous year,” he added.
Advertisement
“It can also lead to a jail term of up to three years for the CEOs because you can’t claim that you don’t know unless you’re able to prove beyond reasonable doubt that you don’t know what led to that data breach. Ideally, as a CEO you should be aware.
“We’ve received over 3000 complaints, we’ve looked into over 900 and we’ve concluded about 17 from different sectors — gaming sector, financial, insurance, school, consulting, and we’ve actually issued penalties, now we call it remediation fee.”
A few weeks after assuming office, President Bola Tinubu signed the Nigeria data protection bill into law.
The legislation allows Nigerians to seek redress from any form of data breach.
Advertisement
The law also stipulates that citizens’ data is “processed in a fair, lawful and accountable manner”.
Add a comment