News Highlights:
- The Nigeria Data Protection Commission has warned of coordinated cyberattacks targeting Nigeria’s financial systems and critical digital infrastructure.
- Organisations risk legal consequences under the Nigeria Data Protection Act 2023 if they fail to urgently strengthen data protection and cybersecurity measures.
The Nigeria Data Protection Commission (NDPC) has issued a strong regulatory advisory to data controllers and processors across the country, warning of escalating threats to Nigeria’s data security infrastructure.
In a statement, the Commission said its technical assessment revealed that shadowy threat actors are engaged in coordinated cyber operations targeting financial systems and critical digital infrastructure nationwide.
The development, the NDPC noted, underscores the urgent need for both public and private institutions to reinforce their data protection frameworks.
Reinforcing the urgency of the advisory, the Commission referenced a directive by President Bola Ahmed Tinubu, who had emphasised the strategic importance of data in national development.
According to the President, “Data is the new oil; its value increases the more it is refined and responsibly shared.” He further directed all Ministries, Departments, and Agencies to rigorously capture and safeguard data in compliance with the Nigeria Data Protection Act 2023.
In line with this directive, the NDPC has urged all data controllers and processors, including government institutions, to immediately strengthen both technical and organisational safeguards to protect the privacy of Nigerians and other data subjects.
The Commission stressed the importance of measures such as appointing certified Data Protection Officers, implementing comprehensive privacy policies, and conducting Data Privacy Impact Assessments.
It further called for the deployment of advanced cybersecurity protocols, including multi-factor authentication, zero-trust architecture, continuous system patching, and robust identity and access management systems.
Organisations are also expected to secure cloud infrastructure, maintain real-time threat monitoring systems, and implement strong encryption and credential management practices.
The advisory additionally emphasised the need for regular vulnerability assessments and penetration testing on critical systems, alongside consistent backup, recovery, and resilience testing to ensure business continuity in the face of cyber threats.
The NDPC assured stakeholders of its readiness to provide regulatory support to organisations striving to meet compliance requirements. However, it warned that failure to implement appropriate data protection measures as stipulated under the law could attract legal consequences.
The statement, signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the Commission, reaffirmed the NDPC’s commitment to safeguarding personal data, strengthening institutional resilience, and ensuring strict compliance with data protection regulations across all sectors of the economy.
