Nigeria: Data Protection Commission announced investigation into compliance with Data Protection Act of 2023

On 25 August 2025, Nigeria's Data Protection Commission (NDPC) announced a sector-by-sector investigation into organisations' compliance with the Nigeria Data Protection Act of 2023. The investigation applies to insurance companies, pension firms, gaming companies, banks, and insurance brokers. The organisations are required to provide compliance evidence within 21 days, including 2024 audit returns, Data Protection Officer appointments, technical protection measures, and registration as Data Controllers or Processors of Major Importance. It was highlighted that non-compliance may result in enforcement orders, administrative fines, or criminal prosecution under the NDP Act.