Nigeria’s data protection industry has grown into a N16.2 billion industry two years after its formal regulation.
National Commissioner and Chief Executive Officer of the Nigeria Data Protection Commission (NDPC), Dr Vincent Olatunji, disclosed this during a media workshop and capacity-building engagement held in Lagos.
According to him, the growth reflects rising enforcement, compliance activity, and increasing confidence in Nigeria’s digital governance framework, even though the NDPC was not designed as a revenue-generating agency.
He explained that regulatory compliance fees and enforcement actions under the Nigeria Data Protection Act (NDPA), 2023, have created significant economic value while also contributing to government revenue and job creation across the country.
Olatunji said the revenue recorded so far reflects a clear shift from advisory regulation to enforcement-driven compliance under the NDPA.
According to the Commission, regulatory fees and sanctions have contributed over N5.2 billion to federal revenue while supporting an estimated 23,000 jobs nationwide.
“These investigations have resulted in 11 major enforcement actions, including significant financial penalties and corrective directives.”
“The message is clear: violations of data privacy will attract serious consequences, regardless of the size or status of the organisation involved,” Olatunji stated.
Olatunji said the Commission has concluded 246 investigations into data protection and privacy breaches across multiple sectors, signalling that enforcement will remain central to Nigeria’s data governance strategy.
The NDPC Commissioner linked the Commission’s enforcement milestones to Nigeria’s broader ambition of building a $1 trillion digital economy.
He stressed that accountability and trust are foundational to digital transformation and long-term investment.
“Privacy enforcement is the foundation of digital confidence. By holding violators accountable, we are safeguarding citizens while creating the secure environment required for innovation, investment and sustainable growth,” he said.
Olatunji said the Commission has significantly expanded compliance structures across the economy to support this objective, moving beyond sanctions to system-wide institutional strengthening.
The NDPC has registered 38,677 Data Controllers and Processors of Major Importance, licensed 307 Data Protection Compliance Organisations, and received more than 8,155 Compliance Audit Returns.
In addition, the Commission has issued the General Application and Implementation Directive, which takes effect from September 2025, translated the NDPA into three major Nigerian languages, and launched a multi-sector compliance sweep covering banking, insurance, pensions, and gaming, with 1,348 entities already served with compliance notices.
