PalmPay moves beyond compliance, builds company-wide privacy defence system

Fintech company PalmPay is shifting its data protection strategy beyond regulatory compliance by embedding privacy responsibilities into the daily work of every employee, as cyber threats continue to expose personal information of thousands of Nigerians.

The company has launched an internal Privacy Champions Programme alongside a specialised two-day data protection workshop for employees, a move aimed at strengthening its internal defence against data breaches at a time when Nigeria is witnessing growing cybersecurity challenges.

The initiative comes as new figures from cybersecurity firm Surfshark show that about 281,500 Nigerian user accounts were compromised during the first quarter of 2026, making the country the world’s 34th most breached nation during the period. The statistics underscore growing concerns over how organisations collect, process and safeguard customer information in an increasingly digital economy.

Read also: Why Nigeria’s biggest firms are sitting on record cash instead of expanding

PalmPay said the workshop, facilitated by the Nigeria Data Protection Commission (NDPC) and Data Protection Compliance Organisation, TechHive Advisory, equipped employees with practical knowledge on privacy governance, responsible data handling, incident awareness and their individual obligations under the Nigeria Data Protection Act (NDPA) 2023.

The fintech company is expanding ownership across every department through its newly established Privacy Champions Programme.

The initiative creates a network of trained employee representatives across different business units who will promote best practices, increase awareness and ensure privacy considerations become part of everyday business decisions.

The approach reflects a growing trend among financial technology firms that increasingly recognise that many security incidents originate from human error rather than technical system failures.

Chika Nwosu, managing director of PalmPay, said protecting customer information remains central to the company’s operations because customer trust is one of the most valuable assets in digital financial services.

“At PalmPay, protecting customer information is fundamental to maintaining the trust our customers place in us every day and remains central to our operations,” Nwosu said.

He noted that available statistics suggest that about one in every 10 Nigerians has experienced a data breach, making it even more important for organisations to strengthen internal awareness and ensure personal information is collected, processed, stored and protected responsibly.

“This specialised training reflects our continued investment in strengthening internal awareness and ensuring our teams remain equipped to uphold the highest standards of data privacy and protection,” he added.

The company said the programme forms part of its broader efforts to comply fully with the Nigeria Data Protection Act while continuously improving its internal governance framework.

For a digital financial services platform serving millions of users, PalmPay said privacy has become an operational priority rather than simply a regulatory requirement.

Industry experts have increasingly argued that stronger internal governance is becoming just as important as investments in cybersecurity infrastructure, especially as financial institutions process growing volumes of sensitive customer information through digital platforms.

By creating privacy champions across its workforce, PalmPay aims to build a culture where employees become the first line of defence against data misuse, accidental disclosures and other privacy risks.

The company also urged customers to play their part in protecting personal information by safeguarding account credentials, exercising caution when sharing sensitive information online and reporting suspicious activities promptly.

Read also: Meta, FG partner to strengthen youth online safety with teen accounts

PalmPay said creating a secure digital ecosystem requires collaboration between organisations, regulators and customers, noting that technology alone cannot eliminate emerging cyber risks without greater public awareness and responsible data practices.

The initiative adds to growing efforts within Nigeria’s financial technology industry to strengthen customer confidence as digital payments continue to expand and regulators place greater emphasis on privacy, cybersecurity and responsible handling of personal information.

As Nigeria’s digital economy grows, experts say companies that successfully build strong privacy cultures internally are likely to enjoy stronger customer trust and greater resilience against increasingly sophisticated cyber threats.