April 17, 2026 | Destiny Young
The Nigeria Data Protection Commission, NDPC, has issued a regulatory advisory warning of escalating threats to data security architecture across Nigeria.
In the advisory dated 16 April 2026, the Commission said its technical assessment showed that threat actors had engaged in coordinated operations targeting financial systems and key digital infrastructure in the country.
The NDPC said the advisory was directed at all data controllers and data processors, including Ministries, Departments and Agencies, and urged them to strengthen technical and organisational safeguards to protect personal data and privacy rights under the Nigeria Data Protection Act, 2023.
According to the Commission, public institutions should act in line with the Federal Government’s directive on responsible data governance and ensure that information is captured rigorously and protected under the law.
The advisory listed a series of urgent measures organisations are expected to implement. These include appointing duly trained and certified Data Protection Officers, developing and enforcing privacy policies and information security standards, and conducting Data Privacy Impact Assessments.
Other measures include deploying stronger identity and access controls such as multi-factor authentication, adopting zero-trust security architecture and network segmentation, and fixing identified vulnerabilities through continuous patch management.
The Commission also called for tighter security around cloud infrastructure, APIs, databases and access credentials, alongside real-time monitoring, logging and threat detection systems.
It further advised organisations to implement encryption, key management and secure credential handling, carry out vulnerability assessment and penetration testing on critical systems, and maintain regular backup, recovery and resilience testing.
The NDPC said it was ready to provide regulatory support to organisations to help ensure adequate levels of data privacy and protection.
It warned that organisations that fail or neglect to implement appropriate safeguards as required under the Nigeria Data Protection Act, 2023, could face legal liabilities.
The advisory was signed by Babatunde Bamigboye Esq. CDPPR, Head, Legal, Enforcement and Regulations.
