Data Protection Act, 2012
| Data Protection Act, 2012 | |
|---|---|
 |
|
| AN ACT to establish a Data Protection Commission, to protect the privacy of the individual and personal data by regulating the processing of personal information, to provide the process to obtain, hold, use or disclose personal information and for related matters. | |
| Citation | Act 843 |
| Territorial extent | The Republic of Ghana |
| Enacted by | Ghana Parliament |
| Date assented to | May 10, 2012 |
| Signed by | President of the Republic of Ghana |
| Administered by | Data Protection Commission |
| Keywords | |
| Status: Current legislation | |
The Data Protection Act, 2012 (The Act) is legislation enacted by the Parliament of the Republic of Ghana to protect the privacy and personal data of individuals. It regulates the process personal information is acquired, kept, used or disclosed by data controllers and data processors by requiring compliance with certain data protection principles. Non compliance with provisions of the Act may attract either civil liability, or criminal sanctions, or both, depending on the nature of the infraction. The Act also establishes a Data Protection Commission, which is mandated to ensure compliance with its provisions, as well as maintain the Data Protection Register.
The Act was first introduced in the Ghana Parliament in 2010, but was subsequently withdrawn by the then Minister of Communications, Haruna Iddrisu, to be revised. Parliament passed the bill in 2012, which then received Presidential assent on May 10, 2012. The notice of the Act was gazetted on 18 May 2012, and in accordance with Section 99, the Act came into effect on 16 October 2012.
The Act is made up 99 sections that are arranged under various headings, as follows:
Key terms in the Act are defined in the interpretation section, section 96. Unless the context otherwise requires, section 96 provides the following definitions to the notable terms:
“data controller” means a person who either alone, jointly with other persons or in common with other persons or as a statutory duty determines the purposes for and the manner in which personal data is processed or is to be processed
“data processor” in relation to personal data means any person other than an employee of the data controller who processes the data on behalf of the data controller
“data subject” means an individual who is the subject of personal data
“foreign data subject” means data subject information regulated by laws of a foreign jurisdiction sent into Ghana from a foreign jurisdiction wholly for processing
“personal data” means data about an individual who can be identified,(a) from the data, or (b) from the data or other information in the possession of, or likely to come into the possession of the data controller
“processing” means an operation or activity or set of operations by automatic or other means that concerns data or personal data and the (a) collection, organisation, adaptation or alteration of the information or data, (b) retrieval, consultation or use of the information or data, (c) disclosure of the information or data by transmission, dissemination or other means available, or (d) alignment, combination, blocking, erasure or destruction of the information or data
...
Wikipedia