The Nigeria Data Protection Commission (NDPC) has imposed a fine of ₦555.8 million on Fidelity Bank PLC for breaches of the Nigeria Data Protection Act, 2023, and the Nigeria Data Protection Regulation, 2019. This fine, representing 0.1% of the bank’s annual gross revenue in 2023, must be paid within 14 days of receiving the notice.
The investigation was initiated following a complaint in April 2023 from a data subject whose personal data was collected without lawful basis to open an account. The NDPC’s review revealed that Fidelity Bank processed personal data without informed consent, using tools such as cookies and its banking app, which had been downloaded over one million times. Additionally, the bank relied on non-compliant third-party data processors.
Despite multiple warnings and opportunities to comply, Fidelity Bank failed to present a satisfactory remedial plan. The initial decision was issued in July 2023, with a directive to pay the remedial fee in December 2023. Over ten correspondences were exchanged, but the bank did not meet the compliance requirements.
Dr. Vincent Olatunji, National Commissioner and CEO of the NDPC, emphasized the importance of data protection in maintaining trust and confidence in Nigeria’s economic systems. He warned that a lack of accountability in handling personal data could severely impact economic growth, but compliance with data protection laws would drive sustainable development in the country.