Big players in the world today which include governments, organizations and individuals increasingly generate, collect and process personal information.
Building a strong data protection ecosystem, therefore, helps to nurture consumer trust and increased use of digital tools, which in turn can fuel investment, competition and innovation in a digital economy.
Ghana has levelled up to becoming quite heavily reliant on digital technologies hence the need for a data protection framework that can help policymakers and regulators build a digital economy that includes and serves everyone.
Fortunately, awareness of Data Protection as a matter of national interest is gradually picking up as people are beginning to become aware of how their personal data is stored and kept.
On Privacy Focus, the only television programme creating awareness on data privacy showing on JoyNews every Sunday at 4:00pm, the spotlight is put on the role of the Data Controller under the Data Protection Act 2012 (Act 843).
The Law
The Data Protection Act 2012 (Act 843) defines a ‘Data Controller’ as a person who either alone, jointly with other persons or in concert with other persons or as a statutory duty determines the purposes for and the manner in which personal data is processed or is to be processed.
Speaking in an interview with certified data protection supervisor and practitioner, Eric Gbenyo, he intimated that once a person has a business and employs persons to run the business, personal information of employees would have been collected and that is enough information to define the person through the business as a Data Controller. Again, be it a small, medium or large entity once personal information is collected in the process of doing business with clients, the entity headed by the individual is a Data Controller.
He added that it is for these reasons that it is important for every entity to understand its role in the Data Protection ecosystem that has come to stay and is growing exponentially.
In a business setting, some categories of employees such as the cleaners, security men, errand officials and drivers are usually left behind on training opportunities with the notion that the training may not be beneficial to the roles they play in their respective companies.
However, on Privacy Focus, Eric Gbenyo emphasised that Data Protection training should not leave any employee out as that category of employees are usually the first to come into contact with sensitive documents either delivered or picked up or left on desks after business hours.
Obligations and Responsibilities of Data Controller
The Data Controller is bound by section 28 of the Data Protection Act to put in place appropriate technical procedures and organizational measures that protect and safeguard the personal information of all persons connected to the organization be it – employees or customers.
Eric Gbenyo cited the cases with organizations looking to recruit who demand sensitive information from individuals such as their CVs. He noted that due to a lack of awareness, organizations don’t only take excess information but also discard personal information of those recruits that may be unsuccessful inappropriately.
Registration with the Data Protection Commission
Section 27 of the Data Protection Act states that “A data controller who intends to process personal data shall register with the Commission.” By this legal statement, every organization that processes personal data including that of employees must register with the Data Protection Commission which is the regulatory body of personal information in Ghana.
Mr Gbenyo entreated organizations who have not yet registered to do the needful to avoid being sanctioned. He also highlighted the numerous benefits associated with being a registered organization under the Data Protection Commission which includes winning customer trust and swiftly getting access to global contracts that require Data Protection Compliance.
Source: Ghana News