Data Protection Act 2023 and What is Expected of Fintech Companies

The recent Nigeria Data Protection Act 2023 establishes a legal framework for the protection of personal information and data protection practices in Nigeria. The Act comes with principles and a lawful basis for processing personal data, which is needed in the current age of technology as an enabler of business growth, transactions, and marketing.

The Data Protection Act (DPA) in Nigeria is a crucial piece of legislation that regulates the processing and sharing of personal data (Part VI of the Act). The DPA affects fintech companies that use personal data for their services. The requires companies to obtain the consent of individuals before processing their data and ensure that the data is protected against any unauthorized use
or disclosure. 

Relevant to this development is that Section 33 of the Act requires them to appoint a data protection officer whose responsibility is to ensure compliance with the DPA.

The data protection officer has these responsibilities:

1. Informing the data controller or processor, as well as the employees involved in
processing, about their obligations under this Act.
2. Monitoring compliance with this Act and the related policies of the data controller
or processor.
3. Acting as the Commission’s point of contact for data processing issues.

Therefore, the consequences of the DPA for fintech companies in Nigeria are that they need to be extremely cautious and vigilant in handling personal data. Moreover, the Act requires data controllers/data processors to implement robust security measures to protect their customers’ data and follow strict protocols for obtaining consent. Failure to comply with these regulations can lead to fines and reputational damage for the companies.

However, the DPA also presents an opportunity for fintech companies to build trust with their customers by demonstrating their commitment to data protection.

Additionally, there is a need to implement strong security measures to protect their customers’ data and adhere to strict consent-gathering protocols. Noncompliance with these regulations can result in hefty fines and reputational damage for the companies.