Fidelity Bank has been fined N555.8 million by the National Data Protection Commission for breaching the privacy of its customers’ data.
The fine is the highest ever issued by the commission.
This was disclosed by the National Commissioner of the NDPC, Vincent Olatunji, during the Validation Workshop on the Nigeria Data Protection Act General Application and Implementation Directive, held on Wednesday in Abuja.
Olatunji claims that Fidelity Bank violated both the 2019 Nigeria Data Protection Regulation and the Nigeria Data Protection Act of 2023.
The bank’s unwillingness to cooperate with the inquiry added to the fine, which is equivalent to 0.1 percent of the bank’s gross revenue for 2023.
“Data protection compliance is important, and we have stated that non-compliance will be punished. We have penalties that range from N10 million or up to two percent of gross earnings for the previous year,” Olatunji said.
He added, “But our approach has been creating awareness and letting people know what we are supposed to be doing. Most of the breaches we try to look at the level of breach, impact, and the number of data subjects affected, and the level of cooperation by the organization involved on the remuneration fee.”
Olatunji further explained, “Since we started, the major penalty we issued was yesterday (Tuesday) on Fidelity Bank. For the violation of the NDP Act, 2023, and the NDPR, 2019, we issued a fine of N555.8 million and they have to pay.”
The commissioner emphasized that since April 2023, the NDPC and Fidelity Bank have been collaborating to look into the data breach.
However, the bank’s attitude changed during the investigation, leading to the full penalty being applied. “We have observed serious breaches and have been working with them, investigating the issue since April 2023. But by the time we finalized our findings, they became arrogant, and we decided to issue a full penalty on them, which is about 0.1 percent of their earnings for 2023,” Olatunji said.
He also noted that the bank has 14 days to pay the fine. “This is to be paid within 14 days upon the receipt of this notice,” Olatunji concluded.
