WHAT YOU NEED TO KNOW ABOUT DATA PROTECTION IN GHANA-Part 1 1. Legal Framework ▪
Data Protection Act, 2012 (Act 843) establishes a Data Protection Commission to among others protect the privacy of the individual and personal data by regulating the processing of personal information and to provide for the process to obtain, hold, use or disclose personal information.
2. General Considerations ▪
A person processing data is required to consider the privacy of the individual by applying the principles of accountability, lawfulness of processing, specification of purpose, data security safeguards and data subject participation among others.
3. Registration with Data Protection Commission ▪
The Law requires all who keep or process or intend to keep or process another person’s personal data to register with the Data Protection Commission, irrespective of whether the personal data is held by them in an automated form, that is, a structured set of information forming part of a relevant filing system
4. Obligations ▪
The company must ensure that the data collected is for a specific purpose, explicitly defined and lawful and is related to the functions or activity of the person. Any further processing of the data must also be for that specific purpose for collection
▪
A company may refuse to disclose personal data where disclosing will result in disclosing data related to another individual whose consent is required for such disclosure.