Odimmegwa Johnpeter/Abuja
The Nigeria Data Protection Commission has issued a data protection advisory on escalating threats to data security architecture. This was contained in a statement signed by Babatunde Bamigboye, Esq, Head, Legal, Enforcement and Regulations, NDPC. The statement reads in part: “Nigeria Data Protection Commission (NDPC) hereby issues this regulatory advisory to all Data Controllers and Data Processors in response to the escalating threat to data security infrastructure. The Commission’s technical assessment indicates that some shadowy threat actors have engaged in coordinated operations targeting financial systems and some key digital infrastructure in Nigeria.
“Public establishments are therefore reminded of the Presidential Directive of His Excellency, President Bola Ahmed Tinubu, GCFR, declaring that, ‘Data is the new oil, its value increases the more it is refined and responsibly shared. I therefore direct all Ministries, Extra-Ministerial Departments and Agencies to capture information rigorously and safeguard it under the Nigeria Data Protection Act 2023.’
“In view of the foregoing, the Commission strongly advises that data controllers and processors (including MDAs) are to urgently step up their technical and organisational measures to ensure the privacy of all Nigerians and other data subjects in line with the Nigeria Protection Act, 2023 (NDP Act).
“These measures include but are not limited to:
a) Appointment of duly trained and certified Data Protection Officers
b) Development and effectual implementation of Privacy Policies, and information security standards
c) Carrying out Data Privacy Impact Assessments
d) Deployment of robust identity and access controls, including Multi-Factor Authentication (MFA)
e) Implementation of zero-trust security architecture and network segmentation
f) Immediate remediation of identified system vulnerabilities and continuous patch management
g) Securing cloud infrastructure, APIs, databases, and access credentials
h) Implementation of real-time monitoring, logging, and threat detection mechanisms
i) Implementation of encryption, key management, and secure credential handling
j) Conduct of Vulnerability Assessment and Penetration Testing (VAPT) on critical systems
k) Regular backup, recovery, and resilience testing.
“The Commission is prepared to provide requisite regulatory support to organisations in order to ensure an adequate level of data privacy and protection. Organisations that fail or neglect to implement appropriate measures as required under the Nigeria Data Protection Act, 2023 may incur legal liabilities. The Commission remains committed to protecting personal data, strengthening institutional resilience, and ensuring compliance across all sectors,” it also added.