
Digital financial services provider PalmPay has strengthened its internal data protection framework with a new employee training programme and privacy governance initiative as concerns grow over the scale and frequency of cyber and data security breaches in Nigeria’s digital economy.
The company said in a statement on Monday that the move is aimed at deepening compliance with the Nigeria Data Protection Act 2023 and embedding privacy awareness across its workforce, at a time when financial technology platforms are increasingly handling large volumes of sensitive customer information.
The initiative includes a two-day data protection workshop for employees, facilitated by the Nigeria Data Protection Commission alongside TechHive Advisory, a data protection compliance organisation. The sessions focused on privacy governance, regulatory obligations, incident response awareness, and the role of employees in safeguarding personal data.
PalmPay also launched an internal Privacy Champions Programme, which designates employees across business units as designated privacy representatives responsible for promoting best practices, strengthening awareness, and reinforcing compliance standards across daily operations.
The programme is designed to decentralise data protection responsibility within the organisation, shifting it from a compliance function to a company-wide operational practice embedded in routine decision-making and service delivery.
The initiative comes against a backdrop of heightened concern over cybersecurity risks in Nigeria and globally. According to a recent quarterly analysis by cybersecurity firm Surfshark, an estimated 281,500 user accounts were compromised in Nigeria in the first quarter of 2026, placing the country 34th globally in terms of recorded data breaches.
While the figures reflect broader global trends in cyberattacks targeting digital platforms, they underscore growing pressure on financial technology companies operating in Nigeria’s rapidly expanding digital payments ecosystem, where customer data volumes have surged alongside mobile adoption and cashless transactions.
Speaking on the initiative, PalmPay’s managing director, Chika Nwosu, said protecting customer data was central to the company’s operations and its ability to maintain trust.
Related News Telecom regulator NCC gets recognition
Democratising wealth creation for shared prosperity in Nigeria
Group initiates digital protection toolkits for N’East civic actors
“At PalmPay, protecting customer information is fundamental to maintaining the trust our customers place in us every day and remains central to our operations,” he said. “Statistically, 10 out of 100 Nigerians have been affected by data breaches. This specialised training reflects our continued investment in strengthening internal awareness and ensuring our teams remain equipped to uphold the highest standards of data privacy and protection.”
PalmPay, which operates as a digital financial services platform serving millions of users, has positioned data protection and operational resilience as core pillars of its business strategy, particularly as competition intensifies in Nigeria’s fintech sector.
Fintech adoption expands across Africa’s largest economy; regulatory scrutiny and consumer expectations around data privacy are also rising, forcing operators to invest more heavily in compliance systems, cybersecurity infrastructure, and internal risk management processes.
Nigeria’s data protection framework has evolved significantly in recent years, culminating in the NDPA 2023, which introduced stricter obligations for data controllers and processors, including fintech companies that rely heavily on customer behavioural and transactional data.
The law also established the Nigeria Data Protection Commission as the primary regulator responsible for enforcement, oversight, and capacity building within the sector.
PalmPay said its latest initiatives are part of a broader effort to institutionalise privacy awareness across its organisation while encouraging employees to take an active role in identifying and mitigating potential risks in day-to-day operations.
Beyond internal measures, the company also urged customers to adopt safer digital practices, including protecting account credentials, exercising caution when sharing personal information online, and reporting suspicious activity promptly.
It said maintaining a secure digital ecosystem would require collaboration between financial institutions, regulators, and users, particularly as Nigeria’s digital economy continues to expand and attract more cyber-related threats.
View original source — The Punch ↗



