NDPC Orders Stronger Data Security Measures as Cyber Threats Escalate

NDPC Orders Stronger Data Security Measures as Cyber Threats Escalate

The Nigeria Data Protection Commission (NDPC) has called on organisations across Nigeria to urgently reinforce their data protection systems following an increase in cyber threats targeting critical digital infrastructure.

In a regulatory advisory issued on Thursday and signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, the commission said its latest technical assessments indicate coordinated cyber operations targeting financial systems and other sensitive national assets.

The NDPC warned that the sophistication and scale of emerging threats now require swift and sustained action from both public and private sector operators handling personal data.

It stated that “some shadowy threat actors have engaged in coordinated operations targeting financial systems and key digital infrastructure in Nigeria,” describing the situation as a growing risk to both data privacy and national security.

The commission reminded Ministries, Departments and Agencies (MDAs), as well as private organisations, of their obligations under the Nigeria Data Protection Act, 2023, urging immediate upgrades to existing security and compliance frameworks.

“The Commission strongly advises that data controllers and processors, including MDAs, are to urgently step up their technical and organisational measures to ensure the privacy of all Nigerians and other data subjects,” the advisory stated.

NDPC also referenced a presidential directive by President Bola Ahmed Tinubu highlighting the strategic value of data in national development and the need for strict safeguards in its handling.

“Data is the new oil; its value increases the more it is refined and responsibly shared. I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023,” the directive noted.

The commission outlined a series of mandatory security practices expected from organisations, including stronger access controls, multi-factor authentication, encryption of sensitive data, and continuous system monitoring to detect threats in real time.

It further stressed the need for regular vulnerability assessments, secure cloud infrastructure management, and strict control of digital credentials to prevent unauthorised access to systems.

Beyond technical safeguards, the NDPC urged institutions to establish robust privacy policies, appoint certified data protection officers, and conduct impact assessments to identify and mitigate risks in data processing operations.

While warning that non-compliance with the provisions of the Nigeria Data Protection Act could attract legal consequences, the commission assured organisations of its readiness to provide regulatory guidance and support to ensure compliance.

The advisory comes amid growing concern over cyber security risks as Nigeria’s digital economy expands, with regulators intensifying efforts to strengthen resilience and protect sensitive national data.