The Nigeria Data Protection Commission has issued a regulatory advisory to all Data Controllers and Data Processors across the country in response to rising threats to data security infrastructure.
According to the Commission, its technical assessment reveals that certain threat actors are carrying out coordinated attacks targeting financial systems and critical digital infrastructure in Nigeria.
In a statement signed by Babatunde Bamigboye, Esq., Head of Legal, Enforcement & Regulations, public institutions were reminded of a directive by President Bola Ahmed Tinubu, which emphasizes that “data is the new oil,” with its value increasing when properly refined and responsibly shared.
The statement further quoted the President as directing all Ministries, Extra-Ministerial Departments, and Agencies to diligently collect and safeguard data in compliance with the Nigeria Data Protection Act 2023.
The Commission advised that data controllers and processors, including MDAs, must urgently strengthen their technical and organisational frameworks to protect the privacy of Nigerians and other data subjects in line with the Act.
Recommended measures include appointing qualified Data Protection Officers, implementing effective privacy policies and information security standards, conducting Data Privacy Impact Assessments, and deploying strong identity and access controls such as Multi-Factor Authentication (MFA). Other steps include adopting zero-trust security architecture, addressing system vulnerabilities promptly, securing cloud infrastructure and databases, and maintaining real-time monitoring and threat detection systems.
Additional measures highlighted include implementing encryption and secure credential management, conducting Vulnerability Assessment and Penetration Testing (VAPT), and ensuring regular data backup, recovery, and resilience testing.
The NDPC stated that it remains ready to provide regulatory support to organisations to ensure adequate data privacy and protection. It also warned that failure to comply with the provisions of the Nigeria Data Protection Act, 2023 may result in legal consequences.
