A Nigerian tier-2 bank, known for its market capitalization of ₦323 billion, has received a fine of ₦555.8 million from the country’s data protection regulator due to a data breach incident. The fine amounts to 0.1% of the bank’s revenue in 2023 and is required to be paid within 14 days, according to Nigeria’s Data Protection Commission (NDPC).
The investigation into the bank’s activities commenced in April 2023 after a customer reported unauthorized use of their personal information to open an account.
The NDPC stated that after reviewing Fidelity Bank’s data processing systems, it was discovered that the bank had processed personal data without the consent of the individuals affected in certain instances.
Furthermore, it was revealed that the bank had engaged non-compliant third-party data processors, which was a violation of the 2023 Nigeria Data Protection Act.
Fidelity Bank has not yet responded to requests for comments regarding the issue.
The regulator mentioned that the bank was initially asked to pay a remedial fee in December 2023 but failed to comply despite repeated warnings.
“The commission provided multiple opportunities over a year for full accountability, with the intention of fostering a culture of compliance. However, Fidelity Bank did not present an adequate remedial plan as required,” as per the NDPC.
In a separate incident in July 2024, Whatsapp was fined $200 million by Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) and the NDPC after a three-year investigation into the company’s privacy policy.
