info@businessghana.com
Non-compliant Data Controllers in business organizations are in hot waters as Ghana’s Data Protection Commission (DPC) has begun an enforcement exercise in line with the Data Protection Act 2012 (Act 843). Data Protection Expert and CEO of Information Governance Solutions, Madam Sylvia Appiah has cautioned Data Controllers (companies that receive and process personal information of individuals) to make the Data Protection requirements stipulated in the Act, a priority to avoid losing money.
As Ghana scales up efforts to create a safe digital economy, it cannot be
over emphasized that as part of the inherent nature of technology, issues relating to data subject rights and data controller responsibilities require a legal framework that would ensure that their rights were not violated in the pursuit and implementation of technology by data controllers.
The Data Protection Act outlines what constitutes lawful processing, exempt processing, and the scope and duties of data controllers, data processors, the Data Commissioner, and data subjects. It balances the need to ensure privacy rights with the rights of the State to remain inviolable, maintain law and order, function effectively, and protect its citizens effectively.
Speaking on the enforcement exercise which began on the 14th of August 2023 by the DPC, Madam Appiah said "Once you are found non-compliant, fines are slapped on your business, and results in sanctions which may include prosecutions and your business will accumulate costs. That is why organizations need to get interactive with consultants such as IGS, to facilitate registration with the Data Protection Commission."
She added that her institution would also help Data Controllers to implement a privacy policy, and appoint and train a Data Protection Supervisor within a company to monitor compliance.
Due to the rate of non-compliance of many organizations in the country, several cases of data breaches have been recorded as Data subjects are becoming more knowledgeable about their rights and the value of their data.
Madam Appiah urged businesses to opt for Data protection awareness training to enlighten them on their legal responsibilities as Ghana cannot be a safe place without the practice of data protection.
"Bespoke awareness training from IGS gives organizations, data protection best practices specific to the scope of business of the organizations. Then there is the general awareness that we can give every employee from the gate to top management, a general idea of how to safeguard personal data which is valuable to every business" she said.
