You are here:

Ghana: New law requires data holders to register


Ghana’s Data Protection Act, 2012 (ACT 843), a legislation enacted by the Parliament of the Republic of Ghana to protect the privacy and personal data of individuals was first introduced in Parliament in 2010, before passage in 2012. Eventually receiving Presidential assent on May 10, 2012, the notice of the Act was gazetted on 18 May 2012, and in accordance with Section 99, the Act came into effect on 16 October 2012.

The Data Protection Commission (DPC) has, at the moment, opened registration with a call on all institutions and individuals that collect, use, hold or process any kind of personal information on persons living in Ghana to register as Data Controllers or Data Processors after which the Commission will publish all such records on its online public register after 31st July 2015.

Need for Data Protection

Today, personal information such as names, telephone numbers, pictures, addresses, birth dates, medical reports, accounts, and credit card information and many others are collected by individuals or organizations and processed for various reasons. The privacy and data protection rights of an individual must therefore be respected by those collecting and processing such information

Essentially, this ACT regulates the process personal information is acquired, kept, used or disclosed by data controllers and data processors by requiring compliance with certain data protection principles. Noncompliance with provisions of the Act may attract either civil liability, or criminal sanctions, or both, depending on the nature of the infraction.

Who Must Get Registered

Established with a mandate to ensure compliance with its provisions, as well as maintain the Data Protection Register, the DPC is asking all who process personal data i.e. institutions and individuals who in the performance of their function process personal data or information to get duly registered. Personal data or information simply means data about an individual who can be identified. This, then, includes, Employment Records, Financial Records, Medical/Health Records, Name, Telephone Numbers, and Security Records including images captured on CCTV among others.

With registration window already opened in May 2015, any institution or individual existing prior to the commencement of ACT 843 has 3 months to comply with registration requirements which effectively ends on July 31st, 2015.

How to Register

Registrants must complete process through the Commission’s online portal with applicants required to furnish the Commission with only accurate information to support an application for registration as a data controller. Falsified information is an offence under the ACT.