Law: Data Protection Act, 2012 (the Data Protection Act)

Regulator: The Data Protection Commission (the DPC)

Summary: The Data Protection Act, 2012 came into force on October 16, 2012. The Data Protection Act provides the general data privacy framework for Ghana and is applicable to both public and private bodies.

Notably, one of the key areas of the Data Protection Act relates to assessable processing, under which the Ministry of Communications (the Minister) is given power by an executive instrument to specify actions which constitute assessable processing. Additionally, data controllers are required to register with the Data Protection Commission (DPC) in the register of data controllers. Another notable feature of the Data Protection Act is that it prohibits the processing of information which would cause unwarranted damage or distress to an individual and provides that such an individual is entitled to compensation in case of damage or distress if the data controller contravenes the requirements of the Data Protection Act.

Importantly, Ghana is a signing member of the Economic Community of West African States (ECOWAS) Supplementary Act A/SA. 1/01/10 on Personal Data Protection within ECOWAS and has signed and ratified the African Convention on Cyber Security and Personal Data Protection (the Malabo Convention).