A Nigerian tier-2 bank with a market capitalization of ₦323 billion, Fidelity Bank has been fined ₦555.8 million by the Nigeria Data Protection Commission for a data protection violation.
The fine, which amounts to 0.1% of the bank’s 2023 revenue, must be paid within 14 days of receiving the notice, according to the NDPC.
The investigation into Fidelity Bank’s data practices began in April 2023. The NDPC revealed that the bank processed personal data without obtaining informed consent from data subjects in several critical instances. Additionally, the regulator found that Fidelity Bank relied on third-party data processors that were non-compliant with the 2023 Nigeria Data Protection Act.
“The Commission reviewed Fidelity Bank’s data processing platforms and found significant lapses in obtaining informed consent from individuals whose data was processed,” the NDPC stated on Wednesday.
The NDPC also noted that it initially imposed a remedial fee on the bank in December 2023 but said Fidelity Bank failed to address the concerns despite multiple warnings.
“The commission provided numerous opportunities for Fidelity Bank to ensure full accountability over the past year, prioritizing a culture of compliance. However, the bank did not present an adequate remedial plan,” the NDPC added.
This penalty follows a broader crackdown on data privacy violations in Nigeria. In July 2024, the Federal Competition and Consumer Protection Commission and the NDPC jointly fined WhatsApp $200 million after a three-year investigation into the company’s privacy practices.
