The Nigeria Data Protection Commission (NDPC) has intensified enforcement under the Nigeria Data Protection Act (NDPA) and the General Application & Implementation Directive (GAID).
Financial institutions are now a priority due to the volume of sensitive customer data they process, the scale of digital transactions, and the high-risk nature of financial operations.
GAID is the NDPC’s official enforcement framework under the NDPA.
It mandates continuous, demonstrable compliance for any organisation processing financial or customer identity data.
Financial institutions must show evidence of:
• Regular privacy audits
• Secure data processing systems
• Staff training and awareness
• Documented data protection policies
• Vendor and third-party data compliance
• Strong breach-response mechanisms
GAID requires active, ongoing compliance—not one-off certifications.
Financial organisations process highly sensitive data, including BVN, NIN, IDs, card details, statements, biometrics, loan records, and transaction histories.
Because of the systemic risk of financial data breaches, fintechs, MFBs, digital lenders, cooperatives, and investment companies are at the centre of NDPC’s current enforcement focus.
Penalties for Non-Compliance: 2% of Gross Revenue or ₦10M Minimum
- ₦100m revenue: ₦10m fine
- ₦500m revenue: ₦10m fine
- ₦2bn revenue: ₦40m fine
- ₦10bn revenue: ₦200m fine
NDPC enforcement actions include penalties of ₦555.8m (2024) and ₦766.2m (2025).
- Annual privacy audit & continuous monitoring
- Dedicated Data Protection Officer (internal/external)
- Documented data protection & privacy policies
- Staff training for operations, support & engineering teams
- Compliance for third-party processors (KYC, payments, CRM)
- Data retention & deletion policies
- Secure handling of sensitive identifiers (BVN, NIN, card data)
- Breach detection, logging & incident response
Institutions that cannot demonstrate compliance risk enforcement action and significant penalties.
- Complete GAID audit in 5 days
- Continuous compliance monitoring
- All required documentation & policies
- Employee training for all teams
- NDPA compliance certificate
- 12-month advisory & support
Free NDPA Readiness Assessment — Today Only
Our compliance specialist will assess your organisation and outline your next steps.
Speak with our agent to schedule your assessment