Defaulting controllers charged to register with Data Protection Commission or face prosecution
251 defaulting data controllers have been given a two-week ultimatum to register with the Data Protection Commission or risk prosecution.
This is according to the Data Protection Commission.
According to the commission, the defaulting institutions failed to register with it, even after an earlier 14-day notice had been issued to them to do so.
Addressing the media after presenting a list of defaulting institutions to the Director of Public Prosecutions, Yvonne Atakora-Obuobisa, in Accra on March 30, 2022, Executive Director of the DPC, Patricia Adusei-Poku, said the defaulting institutions owed the state some GHc1.5 million.
“The Data Protection Commission paid a visit to Director of Public Prosecution to begin a legal process to retrieve some 1.5million Ghana cedis from 251 Data Controllers who have flouted the Data Protection Act 2012 Act843 by refusing to register with the Commission. We have taken our time to commence the prosecution of companies and institutions that have defaulted in their obligation. In October 2020, we gave them an amnesty period of six months to register, as required under Section 46(3) of the act.
“While some came, others remained adamant to the caution. We have, thus, compiled a list of those who have failed to register with the commission. We have about 800,000 institutions on our list, out of which only 251, representing 2.5 per cent, have received their 14-day notices,” she said.
The Data Protection Commission (DPC) is a statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal data, choices of technologies and integrity of people with access to personal data.
The Commission provides for the process to obtain, hold, use, or disclose personal information and for other related issues bordering on the protection of personal data.
Since Ghana’s digital transformation agenda kicked off, the Commission has been very keen in making public the mandates under the act for both Data Controllers and rights of Data subjects.
Entering the enforcement phase of compliance with the act, the DPC issued has from the beginning of the years issued notice letters to various companies cautioning the to register with the commission or risk facing the law. While some Data Controllers stepped up to comply with the Act other remained adamant to the cautions.
Source: Ghana Business
