The National Data Protection Commission (NDPC) has imposed a substantial fine of N555.8 million on Fidelity Bank for violating customer data protection regulations. This penalty, announced by NDPC National Commissioner Vincent Olatunji, marks the highest fine issued by the commission to date.
According to Olatunji, Fidelity Bank contravened the NDP Act, 2023, and the NDPR, 2019, resulting in the maximum penalty of 0.1% of the bank’s annual gross revenue in 2023. The fine was exacerbated by the bank’s uncooperative attitude and arrogance during the investigation.
Olatunji emphasized the importance of data protection compliance, stating, “Data protection compliance is important, and we have stated that non-compliance will be punished. We have penalties that range from N10m or up to two percent of gross earnings for the previous year.”
The NDPC has been investigating the breach since April 2023 and has given Fidelity Bank 14 days to pay the fine. Olatunji noted, “We have observed serious breaches and we have been working with them, investigating the issue since April 2023. But by the time we finalized our findings, they became arrogant, and we decided to issue a full penalty on them, which is about 0.1% of their earnings for 2023.”
The commission’s decision underscores the significance of adhering to data protection regulations and the consequences of non-compliance. As Olatunji asserted, “This is to be paid within 14 days upon receipt of this notice.” The NDPC’s actions demonstrate its commitment to enforcing data protection laws and holding organizations accountable for their actions.
