At last, the mask has slipped. For years, Nigeria’s corporate giants have paraded themselves as champions of digital transformation, fintech innovation, and customer service. But when it comes to the simplest, most fundamental duty — protecting the personal data of Nigerians — they have been exposed as frauds. The Nigeria Data Protection Commission (NDPC) has done what too few regulators dare: it published a roll call of shame, a list of over 1,300 companies brazenly flouting the law.
Banks, pension managers, insurers, gaming houses — the very institutions entrusted with the financial heartbeat of this country — could not be bothered to meet the most basic legal obligations. They were told: appoint a Data Protection Officer, file audit returns, register properly, implement safeguards. Nothing extraordinary. Nothing beyond their means. And yet, they dragged their feet. They hid behind excuses. They behaved as if the law were optional. This is not carelessness. It is contempt. Contempt for the law, contempt for regulators, and most damningly, contempt for the Nigerian people whose personal data they hoard and monetise with abandon. Citizens hand over their information in good faith. These companies cash the cheques and grow their balance sheets, while treating compliance as a trifling annoyance. That arrogance has now been dragged into daylight.
And let us be clear: this is not just a regulatory hiccup. It is a scandal. A corporate class that lectures the public about “trust,” “innovation,” and “digital inclusion” has been caught naked, indifferent to the very trust they claim to champion. In any serious jurisdiction, such an exposé would trigger resignations, boardroom purges, and shareholder revolts. But here, too many executives still believe they are untouchable, that with the right political phone call or a little creative lobbying, they can wriggle free.
The NDPC has thrown down the gauntlet. The deadline is set. Twenty-one days. Comply or face the consequences. For once, the rules are not written in invisible ink. The penalties are brutal by Nigerian standards — up to two percent of annual gross revenue for the bigger firms. That could wipe millions from profit sheets. And rightly so. If you cannot respect the people whose data you hold, then you should pay for the privilege of your negligence.
But the Commission must not blink. Too many times, Nigeria has witnessed regulators puff their chests, bark loudly, and then slink quietly into irrelevance when the powerful push back. That cycle cannot repeat. If these firms fail to comply, they must be dragged through the courts, fined until it hurts, and barred from business until they can prove they take privacy seriously. Anything less will reduce this entire exercise to theatre.
Let’s be brutally honest: this is a cultural rot in Nigerian boardrooms. Compliance is treated as decoration, not discipline. Executives happily bankroll glossy adverts and headline-grabbing CSR projects, yet starve compliance teams of budget and influence. They want the brand polish of being “digital leaders” without the hard graft of governance. That hypocrisy is now in the open. Nigerians should remember these names. Investors should take note. These are not forward-thinking companies — they are reckless gamblers with other people’s information.
The stakes are enormous. Data is no longer a side issue; it is the currency of modern economies. Mishandling it is not just a technical fault, it is a betrayal. Every Nigerian whose bank details, health records, or biometric identifiers are stored carelessly is left vulnerable to fraud, exploitation, and abuse. Every company that fails to protect it is complicit.
The NDPC’s action should be the beginning, not the end. We need a new culture of fear in corporate Nigeria — fear of the regulator, fear of public backlash, fear of losing licences. Until executives wake up in the night sweating about data breaches and compliance failures, nothing will change.
For too long, our companies have played at being digital while behaving like bandits. That game is over. They have been named. They have been shamed. Now they must be punished, or the NDPC itself will lose credibility. Nigeria cannot build a credible digital economy on the back of non-compliance with regulations.
Enough of the excuses. Enough of the contempt. The Nigerian people deserve better than corporate delinquents who treat their privacy as disposable. The time for talking is done. Either these companies step into line or they should be dragged there, kicking and screaming.
1.9K
