This follows refusal by these organizations and businesses to register with the Commission as mandated by law under Section  46(3) of the Data Protection Act 2021 (Act 843).

"In January, when we had the Data Protection Week, we publicly announced the Commission's intention to prosecute defaulting Data Controlling Entities, that is, those who haven't taken steps to to be in good standing with the DPC by registering their businesses and commencing the implementation of internal privacy programs which include training a professional, if applicable" Executive Director of the Commission, Madam Patricia Adusei-Poku noted.

She emphasized the need for organizations to priorities data protection, respect the privacy of others and act in accordance with the Data Protection Act to avoid prosecution.

Riding on the back of all past and recent avenues created for Data Controllers and Data Subjects to engage with the commission on their queries, challenges and/or concerns, the Commission has moved to the next level to instigate legal proceedings against defaulters.

In the meantime, The Commission has urged organizations to do what is right by registering with them, train an employee to become a Certified Data Protection Supervisor (CDPS) and implement an in-house privacy program.

The Data Protection Commission (DPC) is a statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal data, choices of technologies and integrity of people with access to personal data.

The Commission provides for the process to obtain, hold, use, or disclose personal information and for other related issues bordering on the protection of personal data.