Lagos: The Nigeria Data Protection Commission (NDPC) has issued a regulatory advisory warning of escalating threats to Nigeria’s data security infrastructure.
Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at NDPC, issued the advisory in a formal statement on Thursday.
He said the NDPC technical assessment revealed coordinated activities by threat actors targeting financial systems and critical digital infrastructure nationwide.
He urged organisations to immediately and proactively strengthen their data protection frameworks in strict compliance with the Nigeria Data Protection Act, 2023, emphasising that prompt action is essential to safeguard national data infrastructure.
He also reminded public institutions of President Bola Tinubu’s directive, emphasising the importance of safeguarding data.
He quoted the President as saying: “Data is the new oil; its value increases the more it is refined and responsibly shared.
“I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023.”
He emphasised that all data controllers and processors, including government agencies, must adopt robust technical and organisational safeguards to ensure the privacy and security of personal data.
He listed key measures, including appointment of certified Data Protection Officers, privacy policies, security standards, and Data Privacy Impact Assessments.
Other critical recommendations include using Multi-Factor Authentication, implementing a zero-trust architecture, ensuring continuous system monitoring, promptly remediating vulnerabilities, maintaining robust cloud security, using encryption, conducting regular penetration testing, and developing effective backup and recovery procedures.
He said NDPC remained committed to providing regulatory support to organisations to ensure compliance and strengthen institutional resilience.
He warned that organisations must take concrete steps today to implement required data protection measures under the law, as failure to do so may result in serious legal liabilities.
“The Commission remains committed to protecting personal data, strengthening institutional resilience, and ensuring compliance across all sectors,” he said.
