The Nigeria Data Protection Bureau (the bureau) has commenced investigations into reports of breach of data privacy involving two major data controllers in Nigeria, namely, Wema Bank PLC and KC Gaming Networks (Bet9ja).
This is in line with Section 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation (NDPR) 2019 – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR.
A statement by NDPB’s legal, enforcement and regulations lead, Babatunde Bamigboye Esq. recalled that in May 2022, some customers of Wema Bank PLC complained of breach of their rights to data privacy and protection by the bank. This data processing, according to the complaints against the bank, involves using their personal data to open accounts. The bureau is also investigating report of breach of data privacy at KC Gaming Networks. The breach in this case involved alleged external attack on the KC Gaming Networks.
At this stage, the objectives of these investigations as directed by the national commissioner of the bureau, Dr. Vincent Olatunji, are to determine the impact of the breaches on the affected data subjects and the remedial actions taken by the concerned data controllers. The Bureau assures members of the general public that it will ensure proper accountability of the data controllers in the ongoing investigations.