The Data Protection Commission (DPC) is an independent statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal information. The Commission provides for the process to obtain, hold, use or disclose personal information and for other related issues bordering on the protection of personal data.
As part of the celebration of the Global Data Protection Week, the Executive Director of the Data Protection Commission, Patricia Adusei-Poku, met to update the media on the account of the Commission’s activities in the year 2021, in Accra, on Wednesday 26th January, 2022.
She posited that, the main mandate of the Commission is to protect the privacy of individuals and their personal data.
Madam Patricia Adusei-Poku, explained that, the Data Privacy Day otherwise known as the Data Protection Day is a global event celebrated on the 28th of January every year to create awareness among data subjects and businesses about the importance of protecting privacy as a Fundamental Human Right.
Adding that, “the main objective of the Data Protection Day is to inform and educate the public at large of their day to day rights and also provide professionals with the opportunity of meeting Data Subjects.”
Dubbed, “Transparency, Trust and Transformation in a Digitised Ghana”, the week-long nationwide awareness activities to sensitise the general public about Data Protection and Privacy, comes with different methodologies to achieve their objectives.
On the backdrop of their objectives, the Commission is working tirelessly with all its available resources sensitizing the general public on Transparency, Trust and Transformation to promote the rights of individuals as well as educate the Public and Private sector to fully demonstrate and evidence to their Data Subjects collaboratively towards the National Transformation Agenda.
“The DPC continues to engage the public-private sector through forums, workshops, webinars, and free drop-in sessions among others to create more awareness on the importance of ensuring data privacy in businesses to meet the reasonable expectation of the general public,” the Director said.
According to Madam Adusei-Poku,
“the DPC is engaging some critical stakeholders in a collaborative effort to step up public education on the need to protect personal data, monitor the compliance status of Data Controllers. These institutions include the Ministry of Health, Ministry of Education, Controller and Accountant Generals Department, Ministry of Justice and the Attorney General’s Department, Electoral Commission together with various civil servants’ groups at the national and regional level.”
She however disclosed that, the DPC and the Internal Audit Agency have signed an MOU in a collaborative effort to train all Internal Auditors nationwide to expand the scope of the audit to include the requirements of Act 843.
This collaboration she said, will spur a nationwide adherence and consistent approach to implementation and also enable the monitoring of accountability in the processing of personal data.
She also intimated that, DPC to improve its state of maturity as a newly established government institution such as enhancing the capacity of its personnel, has acquired a state-of-the-art Registration Software for more effective and efficient delivery of its mandate.
She noted that, “the Applicant Data Controllers now have a login to a profile area that provides them visibility into their registration record. You can log in whenever, to review, amend, or update your information held. The system automatically assesses your institution’s state of compliance as you complete your form online and presents you with a percentage score against a 100% weighted state of compliance.
You receive a roadmap of milestones to achieve as the next steps following registration. The systems allow the upload of photos, videos, and other documents as evidence of your accountability to your data subjects and the DPC. The Commission is able to share letters and messages with you in your profile space.”
Madam Patricia Adusei-Poku, further disclosed the DPC’s intent to accredit additional training institutions to assist with the training of their professionals. Saying, “our accreditation process is to ensure that the quality and standard of training is maintained nationwide. This will enable a consistent and standardised approach to the implementation of privacy programs by institutions who have understood the Commission’s mandate and expectations. They will use the official manual and deliver the same course as is being offered now.
The general public should always verify that an institution is accredited by the DPC to offer data protection training to ensure the quality and standard of training will be acceptable for our compliance requirements.”
Per the successful launch of the new registration software in October 2020, the DPC expects all affected by the Data Protection Act 2012, (Act 843) (which is every entity in the country) to duly register and pay the required fees as a legal obligation.
The Director continued that, “transitional provisions in Section 97 of Act 843, which stipulate that if your entity existed before May 2012, you should have registered within 3 months from August, 2012 and renewed your license 2 years i.e. 2014, 2016, 2018 and 2020. Newly incorporate entities should register within 20 days of the business commencement.
The new DPC Registration Software now can determine the total arrears owed from May 2012 when you apply to register. The DPC would be backdating arrears to March 2014 where the Registration fees were formally cleared by parliament.”