Fidelity Bank has been fined N555.8 million by the National Data Protection Commission (NDPC) for breaching customer data privacy.
Mr. Vincent Olatunji, the National Commissioner of NDPC, stated this on Wednesday in Abuja during the Validation Workshop for the General Application and Implementation Directive of the Nigeria Data Protection Act.
He stated that the penalty imposed on Tuesday needs to be settled within 14 days.
Olatunji stated that the Commission had been probing the bank since April 2023 and opted to enforce the maximum penalty because of the bank’s dismissive attitude toward the issue.
Olatunji stated that the bank breached both the Nigeria Data Protection Regulation (NDPR) established in 2019 and the Nigeria Data Protection Act (NDP) of 2023.
The penalty constitutes 0.1 percent of the bank’s total gross revenue for the year 2023.
He stated that the penalty, the largest ever imposed by the commission, was intensified by the bank’s arrogance and lack of cooperation during the investigation.
He mentioned, We have announced that failure to comply will result in penalties. These penalties can vary from N10 million to as much as two percent of the previous year’s gross earnings. r>. However, our strategy focuses on raising awareness and informing people about our responsibilities. When breaches occur, we assess the severity, impact, the number of affected individuals, and the extent of the organization’s cooperation concerning the penalty fee.
The largest penalty we’ve imposed since we began was on fidelity bank yesterday (Tuesday). Due to their breach of the NDP Act, 2023, and the NDPR, 2019, we levied a fine of N555.8 million, which they are required to pay. r>. We have noted significant violations and have been collaborating with them to investigate the matter since April 2023. However, once we concluded our investigation, they grew arrogant, leading us to impose a full penalty of approximately 0.1 percent of their 2023 earnings.
He stated that the development highlights the commission’s dedication to implementing data protection regulations and ensuring organizations are responsible for protecting customer data.