| Authority: | Nigeria Data Protection Bureau |
|---|---|
| Jurisdiction: | Nigeria |
| Relevant law: | Section 37 of the Constitution |
| Type: | Complaint |
| Outcome: | Violation |
| Started: | April 2023 |
| Decided: | July 2023 |
| Published: | No |
| Fine: | Naira 555.8 Million |
| Parties: | Fidelity Bank |
| Case No./Parties: | N/A |
| Appeal: | N/A |
| Original Source: | NDPC |
| Original contributor: | MZIZI Africa |
Fidelity Bank PLCA Bank has been fined N555.8 Million for violating the provisions of the Nigeria Data Protection Regulation (NDPR) by opening accounts without the Complainant’s consent.
The Nigeria Data Protection Bureau (NDPB), launched an investigation launched after a complaint from a data subject that alleged that Fidelity Bank had collected personal data without a lawful basis to open an account.
During its review, the Commission discovered that the bank processed personal data without obtaining informed consent from data subjects.
These breaches were found to involve tools such as cookies and the bank’s mobile app, which had been downloaded over one million times.
In addition to its non-compliance, Fidelity Bank was found to be relying on third-party data processors that were also not compliant with the regulations contrary to the requirements of the law which requires organizations to ensure that their vendors, agents, and contractors adhere to the same standards when handling personal data.
The Commission’s initial decision was issued in July 2023, followed by a directive in December 2023 to pay a remedial fee. Despite over ten correspondences and repeated warnings, the bank failed to present a satisfactory remedial plan necessitating the imposition of the fine whivh is equivalent to 0.1% of the bank's gross revenue in respect of Y2023.
The decision is not available but a press release by the Bureau and a release is provided below.
Fidelity Bank Fined ₦555.8 Million for Data Protection Violations by NDPC