Data Protection Commission seeks prosecution of 250 defaulting institutions
The institutions owed the Commission GH¢1.5 million after collecting and personally processing information of individuals as data controllers over the years.
Madam Patricia Adusei-Poku, the Executive Director of the Commission, said her outfit had taken the decision to haul the defaulters before court with the aid of the Attorney-General’s office after the grace period given them had expired.
Madam Adusei-Poku made this known when the Commission paid a visit to the Attorney General to hand over a compiled list of 251 defaulting Data Controllers for punitive action.
The Commission is a statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal data, choices of technologies and integrity of people with access to personal data.
“Since October 2020, we gave them an amnesty period of six months to allow those defaulting to come and register themselves as required under Section 46(3) of the Act to comply with the obligation,” the Executive Director said.
She said all institutions that had collected and processed data even before the promulgation of the Act needed to register and pay since the law takes retrospective effect.
The Act provides for the establishment of a data Protection register which is to be maintained by the Commission and to which data controllers must compulsorily register under Section 46.
She said the Commission provided for the process to obtain, hold, use, or disclose personal information and for other related issues bordering on the protection of personal data.
The Executive Director said since Ghana’s digital transformation agenda kicked off, the Commission had been very keen in making public the mandates under the act for both Data Controllers and rights of Data subjects.
The Act also regulates how personal information is acquired, kept, used, or disclosed by data controllers and data processors in compliance with the Act.
She said entering the enforcement phase of compliance with the Act, the DPC issued notice letters to various companies cautioning them to register with the Commission or risk facing the law.
“While some Data Controllers stepped up to comply with the Act others remained adamant to the cautions,” she added.
Mrs Yvonne Atakora – Obuobisa, the Director of Public Prosecution, who received the list on behalf of the Attorney General, advised the Commission to give an additional 14-day period to the defaulters and after which action could be taken to prosecute them.