The Data Protection Commission (DPC) will from August this year commence a nationwide enforcement compliance of Data Protection Act 2012 (Act 843).
To be undertaken by the Enforcement Unit of the Commission, the exercise will involve spot checks, raids, data protection audits, and in some cases, arrest of data managers of institutions.
The Executive Director of DPC, Ms Patricia Adusei Poku, in an interview with Ghanaian Times in Accra on Thursday, said the enforcement action was aimed at holding data controllers of the various institutions accountable to the provisions of the Act.
“The enforcement action may involve arrests of Ultimate Decision Makers/Heads of Institutions who have neglected their legal responsibilities and/or defaulted,” she stated.
The exercise, she explained, followed the Commission’s awareness on data protection and provisions stipulated under the Act.
“Following the Commissions awareness on Data Protection and provisions stipulated under the Act, August 14 has been declared to begin a nationwide enforcement action that will hold accountable Data Controllers,” Ms Poku added.
The enforcement of the Data Protection Act 2012 (Act 843), she said, would focus on Section 46 (3) and 50, which required a data controller to register with the Data Protection Commission and ensure renewal of the registration with the Commission every two years.
Also, Ms Poku said the exercise was to promote compliance through the Section 56 and 82, which mandate the Commission to prosecute persons or organisations who have failed to register, as well as persons or organisations that have placed a conditional request for personal data for the provision of goods and services.
She stated that the Unit would further check the compliance of Section 88, which prohibits the sale of personal data and apply general penalties under the Act for non-compliance.
“The public is hereby informed to expect visits from officers of the Enforcement Unit of the Data Protection Commission from August 14.”
“Organisations are advised to inspect ID cards of officers of the Enforcement Unit and cooperate fully in this all-important national exercise,” the Executive Director stated.
She called on members of the public with information regarding data management by any organisation to reach out to the Commission to give information on non-compliant institutions and any issues relevant to data protection and privacy.