Ghana's Data Protection Act, 2012 (Act 843)

January 28, 2021

Recent attacks in 2019 and 2020 on the databases of businesses, educational institutions, and similar organizations has led to multiple breaches of personal data. These breaches resulted in the exposure of millions of records of individuals, including their names, geographical locations, financial and medical records as well as their political opinions. The increased sophistication of these attacks demonstrates the importance of data protection laws.

The Data Protection Act, 2012 (Act 843) protects individual privacy and personal data by regulating the collection, use, and disclosure of personal data and by providing procedures for the processing of personal data originating in Ghana. One way Act 843 protects individual privacy is by ensuring that the individual who is the subject of personal data (also known as the data subject) is aware of the data which is collected; the purpose for which the data being collected; the recipient of the data and the consequences of failure to provide the data. 

The Act further regulates data processors and controllers and requires that the processing of personal data is done in a lawful and reasonable manner and without infringing the privacy rights of the data subject. Additionally, data controllers are required to take necessary steps to ensure the integrity and security of personal data collected and processed.  These steps are to help prevent the unauthorized disclosure of personal data in the event of an attack of a database.

Interested in knowing more about Data Protection Laws in Ghana? Find our frequently asked questions and answers on data protection in Ghana here.