NDPC issues data protection advisory over rising cyber threats in Nigeria

On April 16, 2026, the Nigeria Data Protection Commission (NDPC) issued a regulatory advisory to all data controllers and processors nationwide, citing escalating threats from shadowy actors targeting financial systems and key digital infrastructure. The advisory notes that the threat landscape has intensified, prompting a reminder of President Bola Ahmed Tinubu's directive that data is the new oil and must be rigorously captured and safeguarded under the Nigeria Data Protection Act 2023.

The NDPC urges immediate strengthening of technical and organisational measures: appointing trained and certified Data Protection Officers, developing and enforcing privacy policies and information security standards, conducting Data Privacy Impact Assessments, deploying multi-factor authentication and zero-trust architecture, securing cloud services, APIs, databases and credentials, implementing real-time monitoring, logging and threat detection, encrypting data and managing keys, performing vulnerability assessment and penetration testing on critical systems, and ensuring regular backup, recovery and resilience testing. The Commission says it will provide regulatory support, while organisations that fail to comply may face legal liabilities under the NDP Act.

Given the rising risk to personal data and essential services, what concrete steps will your organisation take to meet these requirements, and how will you verify that protections are effective and up to date?

SOURCE: https://dailypost.ng/2026/04/16/ndpc-issues-data-protection-advisory-over-escalating-threats/