Nigeria Data Protection Commission (NDPC) has issued a regulatory advisory to data controllers and processors across the country following what it described as escalating threats to Nigeria’s data security architecture.
NDPC
In a statement signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, the commission said its technical assessment revealed that some shadowy threat actors were engaged in coordinated operations targeting financial systems and critical digital infrastructure in Nigeria.
The commission urged public institutions to comply with the presidential directive of Bola Ahmed Tinubu, which emphasises the strategic importance of data in national development.
Read Also: FG Moves to Strengthen Cybersecurity Coordination as NDPC Probes Alleged Data Breach
According to the NDPC, the President had declared that “data is the new oil,” stressing the need for Ministries, Departments and Agencies (MDAs) to rigorously capture and safeguard information in line with the Nigeria Data Protection Act, 2023.
The commission therefore advised all data controllers and processors to urgently strengthen their technical and organisational measures to protect personal data and ensure compliance with the law.
It listed key measures to include the appointment of trained and certified Data Protection Officers, implementation of comprehensive privacy policies and information security standards, as well as conducting Data Privacy Impact Assessments.
Other measures recommended by the NDPC include deployment of robust identity and access controls such as Multi-Factor Authentication, adoption of zero-trust security architecture, prompt remediation of system vulnerabilities, and continuous patch management.
The commission also emphasised the need to secure cloud infrastructure, application programming interfaces (APIs), databases and access credentials, alongside real-time monitoring, logging and threat detection systems.
Further recommendations include encryption and secure credential handling, regular vulnerability assessment and penetration testing of critical systems, as well as routine backup and resilience testing.
Also Read: NDPC Warns Content Creators, Social Platforms on Privacy Breaches
The NDPC warned that organisations that fail to implement appropriate data protection measures in accordance with the Nigeria Data Protection Act, 2023 risk legal liabilities.
It reiterated its commitment to providing regulatory support to organisations while ensuring the protection of personal data and strengthening institutional resilience across all sectors.
