Nigeria: Data Protection Commission issued advisory on escalating data security threats
Description
Data Protection Commission issued advisory on escalating data security threats
On 16 April 2026, the Nigerian Data Protection Commission (NDPC) issued a regulatory advisory to all data controllers and processors in response to rising cybersecurity threats affecting financial systems and key digital infrastructure in Nigeria. The advisory calls on organisations to strengthen their technical and organisational measures, including appointing certified data protection officers, implementing multi-factor authentication, adopting zero-trust security architecture, conducting vulnerability assessments and penetration testing (VAPT), and ensuring real-time threat monitoring, among other measures. It further notes that non-compliance may result in legal liability under the Nigeria Data Protection Act, 2023.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority