The Data Protection Commission (DPC) is an independent statutory body established under Act 843 Sec 2, and mandated to Protect the privacy of the individual and personal data by regulating the processing of personal information, and provide the process to obtain, hold, use or disclose personal information.
The DPC is also mandated to increase the education on data protection rights and empower data subjects to understand and know their rights.
It is however, positioning itself as a gateway to Africa by trailblazing the delivering of its supervisory mandate to international best practice standards. The Commission has implemented this continents first training of Privacy Practitioners to European standards thus introducing a new internationally recognized career path in this niche industry for Africa.
The Commission is committed to contributing effectively to the national transformation agenda by underpinning the efforts to safeguard and protect the rights of individuals through the enforcement of the requirements of the Data Protection Act, 2012 (Act 843).
To this end, the Commission entreats all “Data Controllers” to demonstrate their accountability and compliance with the Data Protection Act, 2012 (Act 843)
COMPLIANCE WITH THE DATA PROTECTION COMMISSION.
Compliance with Data Protection Act applies to organisations in all sectors, both public and private and third sectors/NGOs. It also applies to all electronic records as well as many paper records.
Act 843 binds all Data Controllers under Section 27 (1); “a Data Controller who intends to process personal data shall register with the Commission”.
WHO IS A DATA CONTROLLER – Sec.96
A person who is either alone or jointly with other persons or in common with other persons or as a statutory duty determines the purpose for and the manner in which personal data is processed or is to be processed.
WHAT IS PERSONAL DATA – Sec.96
It is data about an individual who can be identified from data or other information in the possession of or likely to come into the possession of the Data Controller. E.g. employee’s data.
WHO IS A DATA SUBJECT – Sec.96
An individual who is the subject of personal data, in order words a person whose data such as date of birth, place of birth, telephone number, employment and medical information etc. could be linked to them and is in the possession of, or likely to come into the possession of the data controller.
Speaking at the Press Launch for the 1st Africa Region Data Protection and Privacy Conference at the Ecobank Head Office in Accra on 19th June, 2019, the Executive Director of the Data Protection Commission (DPC), Ms. Patricia Adusei-Poku, said, data controllers who will breach the Data Protection Law would be prosecuted.
The conference which is in partnership with the Network of African Data Protection Authorities, is scheduled to take place at the Accra International Conference Centre, from June 24th – June 27th, 2019.
Ms. Adusei-Poku, explained that, the Data Protection Law took retrospective effect and affected every facet of life, however, any data controller, not duly registered with the Commission, was at a high risk of being prosecuted and fined appropriately, through a collaborative effort by the Data Protection Commission and the Attorney-General’s Office.
She however said, the names of data controllers and their businesses would be published in the national dailies for irresponsible conduct, to sanction them for failure to register with the Commission as required by law.
In line with this, She underscored the need for the media to use their various platforms to educate all data controller entities to register with the Commission to ensure that, data protection is accessed rightly.
She said, it will be criminal on the part of any entity that will not register. This she said, will mean that entity would be processing data illegitimately.
She however, underpinned National Security, Crime and Tax agencies, health and social working bodies were among entities that were exempted from being registered with the Commission.
With respect to disposing of data, She said it was important to discard information or data collected once it had exhausted its usage or relevance to avoid being accessed by wrong people.
She further changed media practitioners to task institutions that process data to come out clear on their modus operandi of managing data collected on the public.
Adding that, media practitioners are to enquire from institutions how data were collected, how personnel were trained to handle data, how to ensure the integrity of personnel before they were entrusted with the data and how to use appropriate technology to store information.
Meanwhile, the Africa Data Protection and Privacy Conference, will convene established Authorities in Africa and Global North counterparts for thought leadership, insight, best practice and high-level strategic content, providing a critical platform for promoting Africa’s drive for Data Protection and Privacy laws in Africa.
Countries across the African Region are at varying stages in their journeys towards enacting Data Protection and Privacy laws and establishing Supervisory Authorities in response to the increased use of technology, the pace of digitization and the exponential growth of activity in the global cyber space.
The Conference will focus on contemporary national and global issues such as the alignment between Privacy and the Right to Information; third party contractors and the safeguarding of national databases; acceptable national identification and challenges specific to the region; the pace of digitisation and the security of personal data; emerging technologies, artificial intelligence and the ethics of processing; enabling financial inclusion and a cashless system through mobile technology; processing for the global good e.g mass immunisation and international cooperation.
The Opening Ceremony will take place on Wednesday 26th June at the Accra International Conference Centre and the following International Stakeholders have confirmed presence:
• The United Nations Special Rapporteur on Rights to Privacy
• The African Union
• East African Community
• Economic Community of Central African States (ECCAS)
• Economic Community of West African States (ECOWAS)
• Intergovernmental Authority on Development (IGAD)
• African Telecommunications Union (ATU)
• Council of Europe (CoE)
• European Commission
• UK Information Commissioner
• Commonwealth Data Protection Commissioners
Confirmed workshops for the Conference are:
(1) Improving Regional enactment of DP law and establishing Authorities – How do we convince African Nations to pass the law and establish independent authorities?’
(2) General Awareness and individual Privacy as a fundamental human right – Considering the diverse cultures and specific challenges such as literacy levels and internet penetration levels, what best practice exist in Data Subject awareness in this region?
(3) Relevance of international conventions – How practical, realistic and applicable are the international conventions to the African Region?
(4) African Data Protection & Privacy in the global cyber space ‘What is the regional status, the global impact and actions required to protect individual privacy in the cyber space?
(5) Data Protection & Privacy and Financial Inclusion in Africa – How do we ensure the continuous protection of personal data and privacy with the increased use of inclusive and mobile Financial Technology in the region?
(6) Technological Advancement, Digitisation and Data Controller Accountability – Research, tools, frame works, innovations and other resources available.
(7) Ethical Approaches and processing for the global good – A focus on the African Region.
(8) Identifying individuals in the Digital Economy – What is an acceptable digital id for the African electorate?
(9) Processing for religious reasons – Should African Churches implement a Privacy Program?
Ghana has taken positive steps within the digital sector and was one of the first four countries in Africa (the second Anglophone country besides Mauritius) to ratify the Malibu Convention on Cyber Security and Data Protection.
Hosting this international conference reaffirms the government’s commitment to securing the privacy of citizens as a fundamental Human Right as Ghana scales up our digitisation efforts as part of the national transformation agenda to position Ghana as the gateway to Africa.
To sponsor, partner, exhibit or register please visit: https://ardppc.com/ or contact +233 (0) 501853955 /
+ 233 (0) 2222929