Data Protection Commission to prosecute non-compliant Data Controllers

On Feb 10, 2022

The Data Protection Commission of Ghana has compiled a list of non-compliant data controllers to be forwarded to the Attorney General’s department to commence legal proceedings.

This follows the refusal by some Data Controllers to register with the Data Protection Commission as mandated by law under Section 46(3) of the Data Protection Act 2021 (Act 843).

Ghana joined the rest of the world on January 28, 2022, to celebrate Data Privacy Day giving the topic on Data Protection the volume it needs.

The Executive Director of the Data Protection Commission of Ghana, Ms Patricia Adusei- Poku spoke extensively on the need for organisations to prioritise data protection, respect others privacy and act in accordance with the Data Protection act to avoid non-compliance.

Riding on the back of all past and recent avenues created for Data Controllers and Data Subjects to engage with the commission on their queries, challenges and/or concerns, the Commission has moved to the next level to instigate legal proceedings against defaulters.

In the meantime, the Commission continues to encourage organisations to do what is right by registering with the Commission, training an employee to become a Certified Data Protection Supervisor (CDPS) and implementing an in-house privacy programme.

The Data Protection Commission (DPC) is a statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal data, choices of technologies and integrity of people with access to personal data. The Commission provides for the process to obtain, hold, use, or disclose personal information and for other related issues bordering on the protection of personal data.

Meanwhile, the Data Protection Commission is calling on training institutions interested in the field of Data Protection to come forward for accreditation to assist the commission in offering the Certified Data Protection Supervisor (CDPS) Training as a service.

This follows the commission’s intention to scale up awareness creation on data protection especially among Data controllers and as well as make available accredited institutions nationwide to take up the demand.

Section 58 of the Data Protection Act 2012, Act 843 makes provisions for the appointment of a Data Protection Supervisor who must be qualified and certified.

It is against this background that the Commission is now inviting eligible consultants to indicate their interest by writing to the Commission.

Source: GNA