NDPC Mandates Enhanced Data Security Amid Escalating Cyber Threats
The Nigeria Data Protection Commission (NDPC) has issued a critical directive requiring organizations nationwide to immediately strengthen their data protection systems. This urgent call to action comes in response to mounting cyber threats specifically targeting Nigeria's digital infrastructure, with coordinated attacks aimed at financial systems and other vital national assets.
Coordinated Cyber Activities Pose Serious Risk
In a regulatory advisory signed on Thursday by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, the commission revealed that its technical findings indicate sophisticated, coordinated cyber operations by shadowy threat actors. The NDPC described this development as presenting a serious risk to both data privacy and national security, requiring urgent and deliberate action from all institutions handling personal data.
The commission emphasized that both public and private sector entities must recognize the growing sophistication of these threats and respond accordingly. The advisory specifically reminded Ministries, Departments and Agencies (MDAs), along with private sector operators, of their legal obligations under the Nigeria Data Protection Act, 2023.
President Tinubu's Directive on Data Protection
The NDPC statement referenced a directive from President Bola Ahmed Tinubu that underscored the strategic importance of data in national development. "Data is the new oil; its value increases the more it is refined and responsibly shared," the presidential directive stated. "I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023."
The commission strongly advised that data controllers and processors, including MDAs, must urgently enhance their technical and organizational measures to ensure the privacy of all Nigerians and other data subjects.
Required Security Measures and Compliance
The NDPC outlined comprehensive steps organizations must implement, including:
- Deployment of stronger access controls and multi-factor authentication systems
- Encryption of sensitive data throughout its lifecycle
- Continuous monitoring of networks to detect and respond to threats in real time
- Regular vulnerability assessments and penetration testing
- Securing cloud infrastructure and proper management of digital credentials
Beyond technical measures, the commission stressed the importance of establishing clear privacy policies, appointing qualified data protection officers, and conducting thorough impact assessments to identify and mitigate risks associated with data processing activities.
Legal Consequences for Non-Compliance
The NDPC issued a clear warning that organizations failing to comply with the provisions of the Nigeria Data Protection Act risk facing legal consequences. The commission noted that enforcement mechanisms under the Act are already operational and ready to be deployed against violators.
Simultaneously, the NDPC assured stakeholders of its readiness to provide regulatory support to help institutions align with international best practices and strengthen their data protection frameworks. This advisory arrives amid heightened cybersecurity concerns as Nigeria's digital economy continues its rapid expansion, with authorities working to build resilience and protect sensitive information across all sectors.
