Speaking during the signing of the MoU with the Bureau of Public Procurement, Dr Vincent Olatunji, the national commissioner/CEO, NDPC, commended the leadership of the BPP for prioritising privacy and data governance.

He stated:

“Data privacy is a global imperative for building trust, confidence, and credibility within the digital ecosystem. The NDPC remains committed to supporting the integration of robust data protection standards within Nigeria’s procurement sector.”

In his remarks, Dr Adebowale Adedokun, director-general of the BPP, reaffirmed the Bureau’s commitment to ethical data management and compliance with global best practices.

In his words:

“We recognise that the unlawful disclosure of government information is a criminal offence. As we embrace technology, there is a growing need to strengthen safeguards for the protection of sensitive information.”

As part of the collaboration, Dr Olatunji offered 50 Virtual Privacy Academy vouchers to BPP staff to support capacity development in data protection and privacy.

Dr Adedokun welcomed the initiative and proposed broader training opportunities for the Bureau’s 453 procurement officers nationwide.

In a related development, the NDPC also signed an MoU with the Nigeria Governors’ Forum (NGF) to deepen data protection and privacy at the state level.

Speaking at the signing ceremony, Dr Olatunji commended the leadership of the NGF for its readiness to partner with the Commission in advancing responsible data governance at the state level.

He said:

“Compliance with data protection obligations is critical to strengthening privacy frameworks across our states, thereby accelerating nationwide adoption, enhancing investor confidence, as well as foreign direct investment.”

Dr Abdulateef Shittu, director-general of the NGF, reaffirmed the Forum’s commitment to strengthening data protection and privacy across the states.

In his words:

“This partnership with the NDPC is a strategic step towards securing Nigeria’s digital ecosystem and advancing responsible data governance at the subnational level.”

To ensure effective implementation of both agreements, working groups were established by the NDPC with the BPP and the NGF respectively to develop actionable frameworks for swift implementation.

The post NDPC Signs MoUs with BPP, NGF to Strengthen Data Protection and Privacy appeared first on Tech | Business | Economy.

The commission said it had received reports of individuals taking pictures and recording videos of unsuspecting members of the public and sharing them on social media.

According to the regulator, such actions violate the privacy rights of citizens protected under Section 37 of the 1999 Constitution of the Federal Republic of Nigeria and the Nigeria Data Protection Act, 2023.

Officials pointed to a recent case involving a content creator who stands by the roadside in Lagos and records members of the public as part of what she describes as a “reality show”.

The commission stated that using people’s images in that way requires consent unless the creator can clearly justify it under other lawful grounds for processing personal data.

Preliminary checks by the NDPC found that the activity amounts to a deliberate invasion of citizens’ privacy. The commission said the recordings do not serve a public interest or any legitimate purpose.

It also noted that those being filmed do not expect their images to be captured and shared online by a stranger.

Following the development, the National Commissioner and Chief Executive Officer of the NDPC, Vincent Olatunji, directed major social media platforms to strengthen enforcement of their community rules.

Platforms mentioned include TikTok, X (formerly Twitter) and Meta Platforms.

The commission said these companies must act quickly when harmful content appears on their platforms. If they fail to respond on time, the regulator warned that it may impose sanctions under the Nigeria Data Protection Act.

The NDPC also reminded content creators that they are responsible for what they publish online. According to the commission, anyone who violates the privacy rights of citizens may face legal consequences, including criminal prosecution.

The post NDPC Warns Content Creators Against Filming Nigerians Without Consent appeared first on Tech | Business | Economy.

Officials say the process will guide a policy that balances children’s safety with the benefits of internet access.

To begin the process, the Ministry of Communications, Innovation and Digital Economy has launched a public poll.

Parents, teachers, young people and digital experts are invited to share their views on how Nigeria should regulate children’s access to social media and other online platforms.

The ministry says the aim is to build an evidence-based policy that protects children while allowing them to benefit from digital tools used for learning, communication and creativity.

However, officials say the same internet also exposes young users to serious risks including cyberbullying, harmful content, online grooming, misuse of personal data and addictive platform features. Authorities also warned about new threats linked to artificial intelligence tools.

In a policy note released with the survey, the ministry stressed the need for a balanced approach.

“As Nigeria evaluates possible policy options, it is important that any approach reflects national priorities, respects children’s rights, and responds effectively to the realities of the country’s digital landscape,” the ministry stated.

The supervising minister, Bosun Tijani, also spoke about the initiative on social media, saying the government wants to ensure children remain protected as internet use continues to grow.

“While the internet offers significant opportunities for learning, creativity, and communication, it also exposes children to risks such as cyberbullying, harmful content, online exploitation, misuse of personal data, and emerging challenges linked to artificial intelligence tools,” Tijani said.

He added that public participation will determine whatever policy the government adopts.

“As Nigeria evaluates potential policy approaches for protection of children online, including age restrictions, improved age verification systems, platform accountability measures, and enhanced regulatory oversight, public input is essential to ensure that any framework adopted reflects national priorities and respects children’s rights,” he said.

If introduced, Nigeria would join several countries that have already placed age restrictions on children’s access to social media.

Australia introduced one of the toughest regulations in December 2025. The law bans social media use for people under 16 and requires platforms such as TikTok, Instagram and YouTube to enforce the restriction.

Lawmakers in France also passed legislation in January 2026 to ban social media for children under 15. President Emmanuel Macron backed the bill, arguing it would help curb excessive screen time among young users.

Denmark has announced a similar plan. Its government secured political backing in late 2025 for a ban covering children under 15.

Authorities in Indonesia have also confirmed a ban on social media use for those under 16, pointing to child safety concerns.

Across the world, governments are working to ensure better management. Recent global tracking shows more than 40 countries are studying or introducing some form of age restriction for social media.

Smartphone use has expanded in the past decade, pushing internet access into homes, schools and workplaces across the country. Social media has followed the same path.

According to the National Commissioner of the Nigeria Data Protection Commission, Vincent Olatunji, more than 40 million Nigerians now spend about six hours each day on social media platforms.

He said this level of activity makes it important for users to understand the risks tied to sharing personal information online.

Child protection groups and policymakers have repeatedly warned that minors are especially vulnerable. Concerns range from online exploitation to exposure to harmful content and weak data protection.

Through the new consultation, the government hopes to gather enough public input before deciding whether Nigeria should introduce age limits, stronger verification systems or tighter rules for digital platforms operating in the country.

The post FG Begins Consultation on Possible Social Media Age Restrictions for Children appeared first on Tech | Business | Economy.

The days when regulators relied on paper records and random inspections are fading fast.

Today, what really drives effective control is data, the ability to collect, analyze, and act on accurate information in real time.

This new approach is what experts call Smart Regulation, a system where technology, data, and automation help government agencies monitor the gaming industry more efficiently.

Instead of waiting for problems to happen, smart regulation helps predict risks, track performance, and ensure that operators follow the rules as transactions occur.

At the center of this digital shift is an important institution that many people don’t often associate with gaming, the Nigeria Data Protection Commission (NDPC).

The NDPC is responsible for making sure that personal information, like names, bank details, and location data, is used safely and responsibly.

In a gaming sector where millions of players make daily digital payments, share personal data, and create transaction histories, the NDPC’s role has become crucial.

Every online bet or gaming transaction generates data, who played, how much was staked, where they played from, and when. That data can help regulators detect fraud, ensure tax compliance, and promote responsible gaming. But it can also be misused if it’s not well protected.

This is where NDPC comes in, it provides the rules that keep player information private while still allowing regulators to use data for legitimate oversight.

In simple terms, NDPC ensures that while gaming becomes smarter, it doesn’t become invasive. Operators can use technology to improve compliance and efficiency, but they must also respect the rights of their players.

Smart regulation powered by NDPC principles can transform the way gaming is governed in Nigeria. Imagine a unified system where state and national regulators can see real-time reports from licensed operators, track payments, detect irregularities, and verify compliance, all without exposing sensitive player data. That’s the future Nigeria should be building.

This approach benefits everyone involved:

• For regulators, it means more accurate oversight and fewer loopholes.
• For operators, it builds trust with both government and players.
• For players, it guarantees that their data and funds are secure.

However, to make this work, regulators must improve their digital skills. They need experts who understand data analytics, cybersecurity, and artificial intelligence.

The NDPC, in turn, should create clear rules that guide how gaming companies collect, store, and share player information.

Smart regulation is not just about technology, it’s about trust. When players believe that their information is safe, they are more likely to participate. When operators know that regulators are fair and efficient, they are more willing to comply. And when the system runs on accurate data, the entire economy benefits.

In this new era, data is more than numbers, it’s the heartbeat of Nigeria’s gaming economy. And with NDPC ensuring it’s protected and properly used, the gaming industry can grow stronger, safer, and smarter.

After all, if data is the new oil, NDPC is the refinery making sure it’s clean and useful.

*‘Gaming Grid’ is your weekly pulse on Nigeria’s gaming industry, its trends, and its trailblazers. Stay plugged in on Techeconomy as we unpack the opportunities beyond the odds.

The post Smart Regulation: How Data Intelligence is Redefining Gaming Oversight in Nigeria appeared first on Tech | Business | Economy.

This milestone underscores Mastercard’s commitment to privacy, data responsibility, and regulatory compliance, while advancing its broader ambition to embed responsible data practices across Africa’s digital economy.

The VPA is a training program developed by the NDPC to equip professionals with essential knowledge on personal data governance, lawful processing, cybersecurity hygiene, and emerging regulatory obligations.

It distills the core principles of the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025 framework into engaging, locally relevant content for employees across all sectors.

The urgency, Mastercard said, is clear, data breach incidents in Nigeria surged by 64% in the first quarter of 2023 alone, and the Nigeria Data Protection Commission investigated 213 privacy breaches between 2023 and 2024, underscoring the critical need for widespread privacy awareness training.

“Privacy is not just a compliance requirement; it’s a core pillar of digital trust. By enrolling all our Nigerian staff in the NDPC Virtual Privacy Academy, we are embedding privacy awareness into the fabric of our operations and supporting Nigeria’s digital rights agenda,” said Mark Elliott, Division President for Africa at Mastercard.

“The Virtual Privacy Academy represents a landmark opportunity to scale privacy knowledge in a way that is both practical and impactful. Our collaboration with NDPC is equipping professionals with the tools to make ethical, informed decisions that protect individuals while enabling innovation,” said Derek Ho, Deputy Chief Privacy, AI and Data Responsibility Officer, Mastercard.

“We are proud to work with Mastercard to deliver real-world solutions that strengthen Nigeria’s data protection ecosystem. The Virtual Privacy Academy will play a critical role in empowering professionals with the knowledge and confidence to uphold ethical data practices in a rapidly evolving digital world,” said Dr. Vincent Olatunji, National Commissioner/CEO of the NDPC.

Following the completion of the training for all Mastercard employees in Nigeria, Mastercard plans to extend access to the VPA to its vendors and suppliers, in line with NDPC guidelines. This initiative builds on Mastercard’s work with regulators, professionals, MSMEs, and fintechs to foster a secure, inclusive, and trusted digital environment.

As part of this broader ambition, Mastercard is helping unlock Africa’s $1.5 trillion digital payments potential by 2030 by strengthening digital trust, enabling innovation, and championing responsible data practices across the continent.

The post Mastercard, Nigeria Data Privacy Commission Launch Virtual Training on Privacy & Trust appeared first on Tech | Business | Economy.

The companies under investigation cut across some of Nigeria’s most sensitive industries. They include 795 financial institutions, 392 insurance brokers, 35 insurance companies, 10 pension firms, and 136 gaming operators. Each has been given 21 days to prove compliance or risk sanctions.

According to a statement signed by Babatunde Bamigboye, head of Legal, Enforcement and Regulations at the NDPC, the affected organisations must present evidence of their 2024 compliance audit returns, the appointment of a Data Protection Officer with full contact details, as well as technical and organisational safeguards they have put in place. 

They are also expected to confirm registration as a “data controller or processor of major importance.”

“These organisations are required to within 21 days of issuance provide evidence of filing NDP Act Compliance Audit Returns for 2024, evidence of designation or appointment of a Data Protection Officer, including name and contact details. 

“They are also to provide summary of technical and organisational measures for data protection within the organisation and evidence of registration as a data controller or processor of major importance,” the Commission stated.

The Commission argues that such enforcement is necessary to secure citizens’ rights under the 1999 Constitution and to strengthen trust in Nigeria’s digital economy. The NDPC says that failure to comply could trigger fines, enforcement orders, or even criminal prosecution as stipulated under the NDPA.

This latest development comes weeks after Multichoice Nigeria was fined ₦766.2 million for data protection violations, the biggest penalty imposed so far. 

The pay-TV operator was found guilty of intrusive data practices, unauthorised cross-border transfers, and processing subscriber and non-subscriber data without proper consent.

National Commissioner, Dr Vincent Olatunji, explained that the Commission operates a remediation-first approach to enforcement. He noted that businesses willing to correct violations are given an opportunity to do so before penalties are applied.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise? It’s only when an organisation is unwilling to comply with the law that we are forced to impose sanctions,” he said.

Experts believe the Commission’s growing assertiveness shows a turning point. For years, compliance was largely voluntary, but this change shows that regulators are no longer content with awareness campaigns. 

The NDPA, modelled after global standards such as the GDPR, is designed both to protect Nigerians’ personal data and also to give local firms credibility in regional and international markets.

The post NDPC Launches Probe into 1,369 Organisations Over Data Protection Breaches appeared first on Tech | Business | Economy.

A detailed review by cybersecurity firm Surfshark reveals that five major social media platforms, Meta’s Facebook and Instagram, TikTok, LinkedIn, and X (formerly Twitter), have together gotten fines amounting to €3.9 billion. Meta alone is responsible for nearly 70% of that figure.

The most eye-opening fine came in 2022, when Instagram was ordered to pay €405 million. The offence? Automatically setting business accounts created by children to public, exposing sensitive information without consent. 

Then came another blow in late 2024, Facebook was fined €251 million following a data breach that compromised the personal data of minors. These incidents make Meta the most penalised company under the GDPR framework.

TikTok hasn’t escaped this either. Its failure to properly handle children’s data has led to three separate fines, with the most recent one issued this year. 

Together, these penalties total €890 million. The platform allowed underage accounts to default to public failed to provide privacy policies in local languages like Dutch, and permitted adults to falsely register as legal guardians, without verifying their authority to do so.

LinkedIn and X have each received single fines, €310 million and €450,000 respectively. Platforms like YouTube, Snapchat, Pinterest, Reddit, and Threads have so far avoided penalties, but experts caution that this is not necessarily evidence of full compliance.

“The current enforcement efforts by data protection authorities are rather reactive, sometimes they are non-existent at all,” said Felix Mikolasch, a data protection lawyer at NOYB, a European privacy advocacy group. 

Over one-third of all GDPR fines issued to social platforms relate specifically to mishandling children’s data.

We see that the European Union is stepping up its enforcement of GDPR rules, particularly as digital platforms increasingly target younger audiences and collect vast amounts of personal information. 

Since Surfshark’s last report in October 2023, there has been a 30% jump in the total value of fines, driven by four new cases, two linked to Meta, one to LinkedIn, and another to TikTok.

Meanwhile, here in Nigeria, social media companies including Meta and TikTok operate freely, despite evidence of similar data practices. No major fines have been announced. The Nigeria Data Protection Commission (NDPC) has opted for a softer, compliance-first approach.

“Usually, when we investigate and find a breach, if they are ready to comply with the law, what is the point of making noise?” said the NDPC’s National Commissioner, Dr. Vincent Olatunji. “It’s only when an organisation is unwilling to comply with the law that we are forced to impose sanctions.”

Dr. Olatunji added that the Commission also considers the economic impact. Penalising foreign tech companies could send the wrong signals to investors. 

That rationale might explain why, despite operating under Nigeria’s Data Protection Act, which mirrors many of GDPR’s core principles, no social media platform has yet been held publicly accountable for breaches.

This raises a fundamental question which says can a model based on dialogue and remediation work where enforcement by example has already proven effective elsewhere?

Europe’s approach is that any company that breaks the rules pays the price. Nigeria’s model, however, leans heavily on trust, hoping compliance will come without punishment. 

The post Meta Tops EU List for Child Data Violations, Fined €2.7 Billion Under GDPR appeared first on Tech | Business | Economy.

The NDP Act – General Application and Implementation Directive (NDP Act-GAID) 2025, is a comprehensive framework designed to execute data privacy laws and protect citizens’ personal information.

Speaking at a press conference in Abuja, NDPC’s National Commissioner and CEO, Dr Vincent Olatunji, said there’s no room for ambiguity. “No organisation can feign ignorance of its obligations under the law.” With this directive, companies must now embed data protection into their operations or face serious consequences.

The directive is the result of over a year of extensive work. After President Bola Ahmed Tinubu signed the Nigeria Data Protection Bill into law on 12 June 2023, NDPC moved swiftly to create a framework that ensures compliance across all sectors.

A National Committee of legal and technical experts was established in September 2023 to draft the directive, with broad consultations held across Lagos and Abuja.

The final document outlines clear regulations in 14 key areas, covering lawful data processing; privacy rights; cross-border data transfers; AI ethics; data protection officer training and certification; and standardised grievance redress mechanisms.

One of the most noteworthy changes is the introduction of the Standard Notice to Address Grievance (SNAG), which allows individuals to challenge privacy breaches directly with data controllers before escalating complaints to NDPC. 

Dr Olatunji stressed the importance of this, stating, “We have fully democratised privacy breach remediation process for data subjects.” He further explained that with the automated SNAG system, “Over 230 million Nigerians are now our immediate and direct partners in ensuring adequacy of data protection in Nigeria.”

Organisations have six months to comply, with full enforcement beginning in September 2025. Financial penalties and compliance fees will take effect from January 2026. NDPC has made it clear that failure to comply will not be tolerated.

Dr Olatunji reinforced the importance of accountability, saying, “The need to hold data controllers and data processors accountable for their acts and omissions which affect the rights of others cannot be gainsaid.” This directive forces businesses to adopt privacy-by-design principles, making data security an integral part of their operations rather than an afterthought.

To help organisations meet these requirements, NDPC will provide guidance notices, training sessions, and advisory updates. The Commission also intends to gather ongoing feedback to refine the directive where necessary.

Dr Olatunji appreciated the Federal Government, particularly President Tinubu and the Minister of Communications, Innovation, and Digital Economy, Dr Bosun Tijani, for their support. However, he made it clear that the real work lies ahead: “Going forward, we shall be providing guidance notices and advisories to illustrate the requirements of the law towards deepening the culture of data privacy and protection.”

The post NDPC Enforces New Data Privacy Laws, Holds Businesses Accountable from Sept 2025 appeared first on Tech | Business | Economy.

Part of an enforcement by the Nigeria Data Protection Act (NDPA), the goal is to strengthen data security and accountability in the country.

At a press briefing in Abuja, NDPC’s Chief Executive Officer, Dr Vincent Olatunji, confirmed the ongoing probe, stating, “As we speak, we have even gone to the extent of investigating multinationals. We are currently investigating TikTok and Truecaller in the area of data privacy.”

The commission is assessing whether these global platforms comply with Nigeria’s data protection regulations. If violations are found, the companies could be required to implement corrective measures. Olatunji clarified that the NDPC’s approach is not to impose immediate penalties but to guide organisations toward compliance.

When the NDPC first started monitoring data protection compliance, only 4% of companies in Nigeria adhered to the regulations. However, through sustained enforcement and stakeholder engagement, compliance levels have now risen to over 55%. This shift shows the level of awareness when it comes to data privacy among businesses operating in Nigeria.

Unlike regulators that immediately impose fines, the NDPC first evaluates the severity of breaches and their impact on individuals and the economy. Organisations found to be non-compliant are given specific steps to rectify their lapses. They must maintain proper records of data processing activities, and the commission monitors their progress for six months to a year.

While the NDPC prefers remediation over punitive action, Olatunji warned that stricter enforcement would be applied when necessary.

Beyond investigations, the NDPC has also introduced the Nigeria Data Protection Act – General Application and Implementation Directive (NDP Act-GAID), a detailed framework to help businesses comply with the law. This directive covers key areas such as data protection principles, legal grounds for processing personal data, cross-border data transfers, and mechanisms for handling grievances.

A highlight is the introduction of the Standard Notice to Address Grievance (SNAG), which allows individuals to demand corrective action from companies handling their data—without first involving the NDPC. Olatunji stated that this empowers Nigerians to take charge of their data privacy, holding businesses accountable in real-time.

Full implementation of the directive will commence in September 2025, with a six-month transition period for businesses to align with the new requirements. Provisions related to fees will take effect in January 2026.

The NDPC has assured that it will continue to provide advisory notices and training programmes to ensure that Nigeria’s data protection culture stays strong even as technology brings changes.

The post NDPC Investigates TikTok, Truecaller Over Alleged Data Breaches appeared first on Tech | Business | Economy.

The Nigeria Data Protection Bill assented to by President Bola Ahmed Tinubu, was a major consideration in accrediting Nigeria as a member of the prestigious Assembly.

Similarly, the establishment of the Nigeria Data Protection Commission under the Act as the independent data protection authority for Nigeria is a key index in assessing the adequacy of data protection in a country.

The decision on Nigeria’s accreditation was announced during the 45th Global Privacy Assembly Closed Session, held between October 15th through 20th, 2023 in Bermuda.

GPA, which was instituted in 1979, seeks to provide international platform for coordinating transborder efforts in the advancement of data privacy and protection. It currently comprises 130 Data Protection Authorities from countries around the world. Germany, United Kingdom, Spain, South Africa, Portugal, Canada, Senegal are some of the countries with DPAs in Global Privacy Assembly

Upon receiving the news of Nigeria’s status as a member of the GPA, the National Commissioner/CEO, NDPC, Dr Vincent Olatunji expressed optimism that the effort of the Federal Government on digital transformation is yielding positive results.

He called on stakeholders in the Data Processing ecosystem to maintain high standard of care in handling personal data. This will go a long way in strengthening trust and confidence in Nigeria’s emerging digital economy.

The post Nigeria Earns Accreditation into Global Privacy Assembly (GPA) appeared first on Tech | Business | Economy.